"Jacques A. Vidrine" wrote:
> On Mon, Aug 04, 2003 at 10:53:03AM -0700, Terry Lambert wrote:
> > You would either lose or overexpose root-restricted functionality,
> > such as flood-ping.
>
> Eh? Why? pingd can know your credentials.
Through the credential passing? I thought that wasn't reliab
On Tue, Aug 05, 2003 at 03:55:55AM -0700, Terry Lambert wrote:
> Through the credential passing? I thought that wasn't reliable
> for this type of thing. Specifically, the jail would be in an
> untrusted protection domain; if you just accepted the credential
> blindly, then anyone could be root i
On Mon, Aug 04, 2003 at 10:53:03AM -0700, Terry Lambert wrote:
> You would either lose or overexpose root-restricted functionality,
> such as flood-ping.
Eh? Why? pingd can know your credentials.
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
[EMAIL PROTECTED]
Brad Knowles wrote:
> At 8:35 AM -0400 2003/08/04, Robert Watson wrote:
> > The best short-term suggestion would be to write a
> > privilege-separated ping tool -- a pingd running outside the jail,
> > providing UNIX domain sockets in each jail that needs the ability to ping;
> > ping then
At 8:35 AM -0400 2003/08/04, Robert Watson wrote:
The best short-term suggestion would be to write a
privilege-separated ping tool -- a pingd running outside the jail,
providing UNIX domain sockets in each jail that needs the ability to ping;
ping then becomes a client that RPC's to pingd
On Mon, 4 Aug 2003, Rus Foster wrote:
> Is there a patch that will allow ping from inside a jail on 5.x? Google
> didn't show anything?
The problem is that, to generate pings, you have to have access to a raw
socket. And unfortuantely, raw sockets imply access to a lot more than
just the abili
Hi All,
Is there a patch that will allow ping from inside a jail on 5.x? Google
didn't show anything?
Cheers
Rus
--
w: http://www.jvds.com | Linux + FreeBSD VDS's from $15/mo
e: [EMAIL PROTECTED]| Totally Customizable Technology
t: 07919 373537 | General FreeBSD Forums:
10% don
