Date: Tue, 25 Mar 2003 12:55:52 -0800 (PST)
From: ". ."
Subject: Ident in a jailed environment (continued)
To: freebsd-stable@freebsd.org
Cc: freebsd-security@freebsd.org

Sorry for the cross-post. I have seen this issue in both lists and just want to make sure it gets through to the proper people. I have sent this request to the -stable list before, just reopening the issue:

Hey. Ident under -stable doesn't work correctly. This has been discussed before and is fixed in 5.0, but I'm not sure if I want to use 5.0 on a production server. I applied a patch that was made by Robert Watson that was submitted in 2001 for 4.3 (I believe). It applies but still doesn't work. I have pasted the patch below. Does anyone have any other suggestions or a hack to get ident to work inside a 4.7 jail? I have also patched tcp6_subr.c and udp_subr.c. I am just wanting to get ident working, which is IPv4 TCP port 113.

I've applied all the patches I could find (this one) and still nothing. The u_cansee code is no longer in 4.x so I can't put that in. I have tried built-in auth, ident2, oidentd. None of them return correctly. Any ideas?

Thanks,
Kevin Bockman

Index: tcp_subr.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v retrieving revision 1.73.2.22 diff -u -r1.73.2.22 tcp_subr.c --- tcp_subr.c 22 Aug 2001 00:59:12 -0000 1.73.2.22 +++ tcp_subr.c 7 Dec 2001 16:56:23 -0000
@@ -910,7 +910,7 @@ struct inpcb *inp; int error, s; - error = suser(req->p); + error = suser_xxx(NULL, req->p, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs));
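
Review bot: On the changed line, `suser_xxx(NULL, req->p, PRISON_ROOT)` lets root inside any jail pass the privilege check, but nothing visible in this hunk limits the lookup that follows to connections belonging to the caller's jail. The addresses are taken straight from the request by `SYSCTL_IN(req, addrs, sizeof(addrs))`, so unless the code after this hunk already scopes the result, a jailed root could ask for the credentials behind connections of the host or of other jails. I would pair the relaxed check with a test, made when the caller is jailed, that the local address of the requested connection is the jail's own address, returning an error otherwise. A short comment above the call explaining why PRISON_ROOT is acceptable here would also help the next reader.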