From: "Mooneer Salem"
To: "Alexandr Kovalenko"
Date: Fri, 30 May 2003 14:07:15 -0700
Subject: RE: jail && (ping && traceroute)

Hello,

It involves allowing all applications inside the jail access to raw sockets. Raw sockets are also responsible for ipfw and other services; therefore, it may be prudent to add separate sysctl settings allowing/denying access to those. I have a patch that does allow raw sockets and allows people inside a jail to add ipfw rules for their own IP address(es), among other things. See http://msalem.translator.cx/dist/jail_separation.v7.patch (for 5.0-RELEASE). :)

Thanks,

--
Mooneer Salem
GPLTrans: http://www.translator.cx/
lifeafterking.org: http://www.lifeafterking.org/

-----Original Message-----
From: owner-freebsd-hackers@freebsd.org [mailto:owner-freebsd-hackers@freebsd.org] On Behalf Of Alexandr Kovalenko
Sent: Friday, May 30, 2003 7:36 AM
To: freebsd-hackers@freebsd.org
Subject: jail && (ping && traceroute)

[Please Cc: me on reply]

Hello,

I have 2 questions:
- where in code should I search for icmp socket binding prohibition in jail?
- what bad consequences will appear if I remove those checks and prohibition?

Thanks in advance!

--
NEVE-RIPE, will build world for food
Ukrainian FreeBSD User Group
http://uafug.org.ua/