From owner-freebsd-security  Thu Dec  6  0:37:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from albatross.prod.itd.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120])
	by hub.freebsd.org (Postfix) with ESMTP id 0BEEA37B417
	for <freebsd-security@freebsd.org>; Thu,  6 Dec 2001 00:37:27 -0800 (PST)
Received: from dialup-209.247.143.1.dial1.sanjose1.level3.net ([209.247.143.1] helo=blossom.cjclark.org)
	by albatross.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16Bu1y-00031W-00; Thu, 06 Dec 2001 00:37:22 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fB68bJd07191;
	Thu, 6 Dec 2001 00:37:19 -0800 (PST)
	(envelope-from cjc)
Date: Thu, 6 Dec 2001 00:37:19 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: alexus <ml@db.nexgen.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: identd inside of jail
Message-ID: <20011206003719.S3061@blossom.cjclark.org>
References: <000901c17de6$c6a49730$0d00a8c0@alexus>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <000901c17de6$c6a49730$0d00a8c0@alexus>; from ml@db.nexgen.com on Wed, Dec 05, 2001 at 06:44:26PM -0500
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 06:44:26PM -0500, alexus wrote:
> Hello
> 
> I'm posting on this thread on this list due to jail itself is a security
> related issue, if this is wrong list i'll repost it on another list.
> 
> did anyone sucseed on making identd (from inetd) or any other identd to work
> inside of jail?

I don't think the auth service in inetd(8) will work in a jail. I
believe the "net.inet.tcp.getcred" sysctl(3) fails.

> the identd itself is working, however to make it work for outside world too
> i put forward for port 113 using natd
> 
> su-2.05# grep 113 /etc/natd.conf
> redirect_port tcp jail:113 113

And running it through a NATing gateway opens up a whole bunch of other
issues that have nothing to do with jail(8).
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message