From owner-freebsd-security Sun Jan 20 12:41: 2 2002 Delivered-To: freebsd-security@freebsd.org Received: from pf39.warszawa.sdi.tpnet.pl (pf39.warszawa.sdi.tpnet.pl [213.25.209.39]) by hub.freebsd.org (Postfix) with ESMTP id 94F3137B421 for ; Sun, 20 Jan 2002 12:40:52 -0800 (PST) Received: (from zaks@localhost) by pf39.warszawa.sdi.tpnet.pl (8.11.6/8.11.6) id g0KKenk01129; Sun, 20 Jan 2002 21:40:49 +0100 (CET) (envelope-from zaks) From: Slawek Zak To: freebsd-security@FreeBSD.ORG Subject: Re: identd inside of jail References: Content-MD5: 1f27dce8f86573653f1b7bcdfd807e59 Date: Sun, 20 Jan 2002 21:40:48 +0100 In-Reply-To: (Robert Watson's message of "Fri, 7 Dec 2001 11:52:57 -0500 (EST)") Message-ID: <87wuycycvj.fsf@pf39.warszawa.sdi.tpnet.pl> Lines: 14 User-Agent: Gnus/5.090005 (Oort Gnus v0.05) XEmacs/21.5 (asparagus, i386-unknown-freebsd4.4) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 7 Dec 2001, Robert Watson told this: > This problem is fixed in 5.0-CURRENT as it performs two checks in udp and > tcp getcred: first, it checks for privilege (and permits the jail to > succeed), and second, it checks whether the connection in question is > visible to the current jail. And what about check if connection was initiated from server, just like it's done in OpenBSD? ;) /S -- hundred-and-one symptoms of being an internet addict: 196. Your computer costs more than your car. * Suavek Zak / PGP: finger://zaks@prioris.mini.pw.edu.pl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message