Date: 13 Jun 2001 03:35:50 +0200
From: Dag-Erling Smorgrav <des@ofug.org>
To: Bill Fumerola <billf@mu.org>
Cc: mayres@chimesnet.com, freebsd-bugs@FreeBSD.org
Subject: Re: misc/28107: identd does not return usernames while running under a jail.
Message-ID: <xzpzobdkvpl.fsf@flood.ping.uio.no>
In-Reply-To: <20010612201504.J37979@elvis.mu.org>
References: <200106130107.f5D17kV90052@freefall.freebsd.org> <20010612201504.J37979@elvis.mu.org>

Bill Fumerola <billf@mu.org> writes:
> how is that a feature, what resource is it protecting?

Information about sockets owned by processes outside the jail. There's no (non-trivial) way to determine a socket belongs inside or outside a jail - there's no direct mapping from sockets to processes, so you'd have to traverse the process list and scan the file table of every process not in the same jail as inetd(8) to see if the socket is listed there. This is both expensive and invasive, so the best (or at least, simplest) solution is to deny jailed processes access to this information.

DES
--
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
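
The trade-off described in the message above, as an added example that is not part of the original message and is not FreeBSD kernel code. It is a simplified model: the struct, the process table, the socket stand-ins and both function names are hypothetical and constructed for illustration.

```c
#include <stddef.h>

/* Simplified model, not FreeBSD kernel code: every name here is hypothetical. */
#define MAXFILES 4
#define NO_JAIL  0                /* jail id 0 stands for the unjailed host */

struct proc {
    int pid;
    int jail;                     /* jail the process runs in */
    const void *files[MAXFILES];  /* file table: pointers to open sockets */
};

static int sockA, sockB, sockC;   /* constructed stand-ins for socket objects */

static const struct proc proctab[] = {   /* constructed sample process list */
    { 10, NO_JAIL, { &sockA, NULL, NULL, NULL } },
    { 20, 1,       { NULL, &sockB, NULL, NULL } },
    { 30, 2,       { NULL, NULL, NULL, &sockC } },
};
#define NPROC (sizeof(proctab) / sizeof(proctab[0]))

/*
 * The scan the message describes: a socket carries no pointer back to a
 * process, so walk the file table of every process outside the caller's jail.
 * Returns 1 if the socket is held outside caller_jail, 0 otherwise;
 * *visited counts the file-table slots that had to be read.
 */
static int socket_outside_jail(const void *so, int caller_jail, size_t *visited)
{
    *visited = 0;
    for (size_t p = 0; p < NPROC; p++) {
        if (proctab[p].jail == caller_jail)
            continue;             /* same jail: not what we are looking for */
        for (size_t f = 0; f < MAXFILES; f++) {
            (*visited)++;
            if (proctab[p].files[f] == so)
                return 1;
        }
    }
    return 0;
}

/* The simpler policy: refuse any jailed caller outright, with no scan. */
static int lookup_allowed(int caller_jail)
{
    return caller_jail == NO_JAIL;
}
```

Proving that a socket is not held outside the jail requires reading every slot of every foreign process, which is the expensive and invasive case; the deny policy costs one comparison.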