Date: Sun, 15 Oct 2000 20:30:19 -0400 (EDT)
From: ahd@kew.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: kern/22012: Secure level 2 in kernel prevents read access to ipnat information
Message-ID: <20001016003019.9ED048C47@kendra.ne.mediaone.net>

>Number:         22012
>Category:       kern
>Synopsis:       Secure level 2 in kernel prevents read access to ipnat information
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 15 17:40:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Drew Derbyshire
>Release:        FreeBSD 4.1-RELEASE i386
>Organization:
Kendra Electronic Wonderworks, Stoneham, MA 02180 (http://www.kew.com)
>Environment:
FreeBSD 4.1 running ipnat on firewall.
>Description:
Raising secure level of the kernel to 2 prevents even read only access
to the IPNAT maps.
>How-To-Repeat:
sonata,134# sysctl -a | grep secure
kern.securelevel: -1
sonata,136# ipnat -l
List of active MAP/Redirect filters:
map ep0 192.168.200.0/22 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ep0 192.168.200.0/22 -> 0.0.0.0/32 proxy port 7070 raudio/tcp
map ep0 192.168.200.0/22 -> 0.0.0.0/32 portmap tcp/udp 20000:21999

List of active sessions:
sonata,137# sysctl -w kern.securelevel=2
kern.securelevel: -1 -> 2
sonata,138# ipnat -l
ioctl(SIOCGNATS): Operation not permitted
>Fix:
Workaround: Disable raising kernel security level.
>Release-Note:
>Audit-Trail:
>Unformatted: