Date:      Tue, 15 Feb 2005 20:33:43 +0100
From:      Piotr Chytla <pch@fouk.org>
To:        freebsd-security@freebsd.org
Subject:   Identd in jail.
Message-ID:  <20050215193342.GA19313@fouk.org>


Hi

A few days ago I had a problem running identd in a jail on 4.10-stable.
I found that the getcred() sysctl isn't permitted from within a jail on 4.x.
R. Watson suggested a "cheap hack" for this, but I've solved it
without patching the kernel.

My patched ident gets the result of the getcred() sysctl from the jauthd daemon
via a unix socket. Jauthd is simply a getcred proxy: it gets two sockaddr_in
from the jailed process and sends the ucred.

The jauthd daemon can be extended to verify data received from the jailed
process, and of course to listen in many jails.

I know that this isn't far better than the "cheap hack" :)) but for sure it
doesn't give the getcred sysctl to everyone in the system, and in all jails.

http://fouk.org/~pch/patches/builtins.c.patch

Apply this patch to /usr/src/usr.sbin/inetd/builtins.c and add AUTHJAIL to the
Makefile.

http://fouk.org/~pch/patches/jauthd.c


/pch
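
The message notes that jauthd can be extended to verify what the jailed process sends. One possible check, added here as an example and not taken from jauthd.c or the patch: it assumes the request is two struct sockaddr_in (local end first, then remote end) and that each listening socket serves one jail with a known IPv4 address. The names jreq_validate, jreq_demo and the status codes are hypothetical.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical status codes for this example. */
enum jreq_status { JREQ_OK, JREQ_BAD_LEN, JREQ_BAD_FAMILY, JREQ_BAD_PORT, JREQ_WRONG_JAIL };

/* Validate one request read from a jail's unix socket before it is handed
 * to the getcred sysctl. Assumed wire format: two struct sockaddr_in,
 * [0] = local end of the TCP connection, [1] = remote end.
 * jail_ip is the IPv4 address of the jail this socket serves (assumption). */
enum jreq_status jreq_validate(const void *buf, size_t len,
    struct in_addr jail_ip, struct sockaddr_in out[2])
{
	if (len != 2 * sizeof(struct sockaddr_in))
		return JREQ_BAD_LEN;		/* short or oversized message */
	memcpy(out, buf, len);			/* buf may be unaligned */
	for (int i = 0; i < 2; i++) {
		if (out[i].sin_family != AF_INET)
			return JREQ_BAD_FAMILY;
		if (out[i].sin_port == 0)
			return JREQ_BAD_PORT;
	}
	/* A jail may only ask about connections that end on its own address. */
	if (out[0].sin_addr.s_addr != jail_ip.s_addr)
		return JREQ_WRONG_JAIL;
	return JREQ_OK;
}

/* Build a constructed request, drop `cut` trailing bytes, and validate it. */
enum jreq_status jreq_demo(const char *jail, const char *local, unsigned lport,
    const char *remote, unsigned rport, size_t cut)
{
	struct sockaddr_in req[2], out[2];
	struct in_addr jail_ip;
	memset(req, 0, sizeof(req));
	req[0].sin_family = req[1].sin_family = AF_INET;
	inet_pton(AF_INET, jail, &jail_ip);
	inet_pton(AF_INET, local, &req[0].sin_addr);
	inet_pton(AF_INET, remote, &req[1].sin_addr);
	req[0].sin_port = htons(lport);
	req[1].sin_port = htons(rport);
	return jreq_validate(req, sizeof(req) - cut, jail_ip, out);
}

int main(void) {
	return jreq_demo("192.0.2.10", "192.0.2.10", 40000, "198.51.100.7", 6667, 0) != JREQ_OK;
}
```

The addresses are constructed samples from the documentation ranges; on FreeBSD the sin_len field of each sockaddr_in could be checked in the same loop.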




