Date: Thu, 6 Dec 2001 00:37:19 -0800 From: "Crist J . Clark" <cjc@FreeBSD.ORG> To: alexus <ml@db.nexgen.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: identd inside of jail Message-ID: <20011206003719.S3061@blossom.cjclark.org> In-Reply-To: <000901c17de6$c6a49730$0d00a8c0@alexus>; from ml@db.nexgen.com on Wed, Dec 05, 2001 at 06:44:26PM -0500 References: <000901c17de6$c6a49730$0d00a8c0@alexus>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 05, 2001 at 06:44:26PM -0500, alexus wrote:
> Hello
>
> I'm posting on this thread on this list due to jail itself is a security
> related issue, if this is wrong list i'll repost it on another list.
>
> did anyone sucseed on making identd (from inetd) or any other identd to work
> inside of jail?
I don't think the auth service in inetd(8) will work in a jail. I
believe the "net.inet.tcp.getcred" sysctl(3) fails.
> the identd itself is working, however to make it work for outside world too
> i put forward for port 113 using natd
>
> su-2.05# grep 113 /etc/natd.conf
> redirect_port tcp jail:113 113
And running it through a NATing gateway opens up a whole bunch of other
issues that have nothing to do with jail(8).
--
"It's always funny until someone gets hurt. Then it's hilarious."
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011206003719.S3061>