Identd in jail.
From: Piotr Chytla (pch_at_fouk.org)
Date: 02/15/05
- Previous message: Mikhail: "weird queue keep-state behavior"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Feb 2005 20:33:43 +0100 To: freebsd-security@freebsd.org
Hi
Few days ago I've problem with running identd in jail on 4.10-stable
I've found that getcred() sysctl isn't permitted from within jail on 4.x.
R.Watson suggest some "cheap hack" for this but I've solved this
without patching the kernel.
My patched ident gets result of getcred() sysctl from jauthd daemon via
unix socket. Jauthd is simply getcred proxy, it gets two sockadddr_in
from jailed process and sends ucred.
Jauthd daemon can be extend to verify data recived from jailed process,
and of course to listen in many jails .
I know that this isn't far better then "cheap hack" :)) but for sure it don't
give getcred sysctl for everyone in the system, and in all jails.
http://fouk.org/~pch/patches/builtins.c.patch
applay this patch to /usr/src/usr.sbin/inetd/builtins.c and add AUTHJAIL to
Makefile
http://fouk.org/~pch/patches/jauthd.c
/pch
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Mikhail: "weird queue keep-state behavior"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
