Date: Sun, 12 Mar 2017 17:00:01 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 217728] [patch] restrict access to reserved ports in jails
Message-ID: <bug-217728-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217728

    Bug ID: 217728
    Summary: [patch] restrict access to reserved ports in jails
    Product: Base System
    Version: CURRENT
    Hardware: Any
    OS: Any
    Status: New
    Keywords: patch
    Severity: Affects Only Me
    Priority: ---
    Component: kern
    Assignee: freebsd-bugs@FreeBSD.org
    Reporter: mattm916@pulsar.neomailbox.ch
    Keywords: patch

Created attachment 180751
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=180751&action=edit
patch to add the allow.reserved_port option to jail(8)

The attached patch adds a new jail(8) configuration option to deny the use of
reserved ports inside a jail. This is intended for use in shared-IP jails that
set the "ipv4=inherit" option, and would not be useful in VNET-enabled jails.

The primary use case is for delegating jail administration to ordinary users
who would otherwise not be allowed access to run services on reserved ports.
Without this patch, ordinary users who have root privileges inside a shared-IP
jail have the ability to run services that potentially conflict with the host,
such as SSH or Sendmail.

--
You are receiving this mail because:
You are the assignee for the bug.
