From owner-freebsd-security  Thu Dec  6  7: 8:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from db.nexgen.com (db.nexgen.com [66.92.98.149])
	by hub.freebsd.org (Postfix) with SMTP id 83D9737B419
	for <freebsd-security@FreeBSD.ORG>; Thu,  6 Dec 2001 07:08:46 -0800 (PST)
Received: (qmail 11511 invoked from network); 6 Dec 2001 15:08:04 -0000
Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1)
  by localhost.nexgen.com with SMTP; 6 Dec 2001 15:08:04 -0000
Message-ID: <00dd01c17e67$e31c0480$0d00a8c0@alexus>
From: "alexus" <ml@db.nexgen.com>
To: "Crist J . Clark" <cjc@FreeBSD.ORG>
Cc: <freebsd-security@FreeBSD.ORG>
References: <000901c17de6$c6a49730$0d00a8c0@alexus> <20011206003719.S3061@blossom.cjclark.org>
Subject: Re: identd inside of jail
Date: Thu, 6 Dec 2001 10:08:39 -0500
Organization: NexGen
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

well ..

can you suggest somethin here?

----- Original Message -----
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: "alexus" <ml@db.nexgen.com>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, December 06, 2001 3:37 AM
Subject: Re: identd inside of jail


> On Wed, Dec 05, 2001 at 06:44:26PM -0500, alexus wrote:
> > Hello
> >
> > I'm posting on this thread on this list due to jail itself is a security
> > related issue, if this is wrong list i'll repost it on another list.
> >
> > did anyone sucseed on making identd (from inetd) or any other identd to
work
> > inside of jail?
>
> I don't think the auth service in inetd(8) will work in a jail. I
> believe the "net.inet.tcp.getcred" sysctl(3) fails.
>
> > the identd itself is working, however to make it work for outside world
too
> > i put forward for port 113 using natd
> >
> > su-2.05# grep 113 /etc/natd.conf
> > redirect_port tcp jail:113 113
>
> And running it through a NATing gateway opens up a whole bunch of other
> issues that have nothing to do with jail(8).
> --
> "It's always funny until someone gets hurt. Then it's hilarious."
>
> Crist J. Clark                     |     cjclark@alum.mit.edu
>                                    |     cjclark@jhu.edu
> http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message