Date:      Sun, 15 Feb 2004 21:35:46 +0100
From:      "Poul-Henning Kamp" <phk@phk.freebsd.dk>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        Julian Elischer <julian@elischer.org>
Subject:   Re: cvs commit: src/sys/kern kern_jail.c 
Message-ID:  <16173.1076877346@critter.freebsd.dk>
In-Reply-To: Your message of "Sun, 15 Feb 2004 12:12:38 PST." <20040215201238.GA52924@xor.obsecurity.org> 

In message <20040215201238.GA52924@xor.obsecurity.org>, Kris Kennaway writes:
>
>On Sun, Feb 15, 2004 at 08:34:21AM -0800, Julian Elischer wrote:
>
>> you sometimes need to be able to know you are in a jail so that you can
>> know not to attempt things that are not permitted in jails..
>> (e.g. pings, or ifconfig'ing network interfaces)
>
>If you try to ping or ifconfig and discover that you can't, you're in
>a jail.

Here is the canonical "injail.c" program:

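#include <stdio.h>
#include <sys/types.h>
#include <sys/sysctl.h>
#include <sys/param.h>
#include <sys/user.h>
#include <stdlib.h>	/* exit() */
#include <unistd.h>	/* getpid() */

/*
 * Exit 0 = no
 * Exit 1 = maybe
 * Exit 2 = yes
 */

int
main(int argc, char **argv)
{
	int mib[4];
	int i;
	size_t l;	/* sysctl(3) takes the buffer length as a size_t */
	struct kinfo_proc buf;

	/* Ask the kernel for this process's own kinfo_proc entry. */
	mib[0] = CTL_KERN;
	mib[1] = KERN_PROC;
	mib[2] = KERN_PROC_PID;
	mib[3] = getpid();
	l = sizeof buf;
	i = sysctl(mib, 4, &buf, &l, NULL, 0);
	/* A failed or short read means the answer is unknown. */
	if (i != 0 || l != sizeof buf)
		exit(1);
	/* P_JAILED in the process flags marks a jailed process. */
	if (buf.kp_proc.p_flag & P_JAILED)
		exit(2);
	exit(0);
}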

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.


