Re: Security of a JAIL UDP patch

[Marc G. Fournier]

U, named currently does work within a jail ... I run several at the
moment ...


On Thu, 26 Sep 2002, Martin Matuska wrote:

 I would like to ask which aspects has this patch on security of a jailed
 environment.
 This patch enables the use of named or ircd in jails.

 --- in_pcb.c.old  Mon Mar 18 23:57:57 2002
 +++ in_pcb.c  Tue Mar 19 09:52:45 2002
 @@ -501,6 +501,8 @@
   int error;

   if (inp-inp_laddr.s_addr == INADDR_ANY  p-p_prison != NULL) {
 + if (inp-inp_lport != 0)
 + inp-inp_laddr.s_addr = htonl(p-p_prison-pr_ip);
   bzero(sa, sizeof (sa));
   sa.sin_addr.s_addr = htonl(p-p_prison-pr_ip);
   sa.sin_len=sizeof (sa);

 Patch author was Lamont Granquist [EMAIL PROTECTED]
 Reference:
 http://www.freebsd.org/cgi/getmsg.cgi?fetch=393634+395986+/usr/local/www/db/
 text/2002/freebsd-stable/20020331.freebsd-stable

 Thank you very much


 To Unsubscribe: send mail to [EMAIL PROTECTED]
 with unsubscribe freebsd-hackers in the body of the message



To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Security of a JAIL UDP patch

[Martin Matuska]

I would like to ask which aspects has this patch on security of a jailed
environment.
This patch enables the use of named or ircd in jails.

--- in_pcb.c.oldMon Mar 18 23:57:57 2002
+++ in_pcb.cTue Mar 19 09:52:45 2002
@@ -501,6 +501,8 @@
int error;

if (inp-inp_laddr.s_addr == INADDR_ANY  p-p_prison != NULL) {
+   if (inp-inp_lport != 0)
+   inp-inp_laddr.s_addr = htonl(p-p_prison-pr_ip);
bzero(sa, sizeof (sa));
sa.sin_addr.s_addr = htonl(p-p_prison-pr_ip);
sa.sin_len=sizeof (sa);

Patch author was Lamont Granquist [EMAIL PROTECTED]
Reference:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=393634+395986+/usr/local/www/db/
text/2002/freebsd-stable/20020331.freebsd-stable

Thank you very much


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message