RE: jail support for ping, traceroute, etc.. crude hack

2003-03-22 Thread Mooneer Salem
:57 AM To: Peter Jeremy Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: jail support for ping, traceroute, etc.. crude hack On Mon, Mar 17, 2003 at 10:06:27AM +0300, .@babolo.ru wrote: It is time to invent ping socket and traceroute socket in addition to tcp, udp, divert so on? Whilst

Re: jail support for ping, traceroute, etc.. crude hack

2003-03-17 Thread .
On Mon, Mar 17, 2003 at 10:06:27AM +0300, .@babolo.ru wrote: It is time to invent ping socket and traceroute socket in addition to tcp, udp, divert so on? Whilst this might seem nice, actually implementing so that it is both useful and safe is not easy. For a ping socket, this is

jail support for ping, traceroute, etc.. crude hack

2003-03-16 Thread Jared Mauch
so, i am working on building a super-server for me and several friends to collaborate with on the money front to put our machine in a colo location, etc.. and still have good access to networking resources. as a result, i needed to modify the FreeBSD kernel such that it will

RE: jail support for ping, traceroute, etc.. crude hack

2003-03-16 Thread Mooneer Salem
/ lifeafterking.org: http://www.lifeafterking.org/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jared Mauch Sent: Sunday, March 16, 2003 1:14 PM To: [EMAIL PROTECTED] Subject: jail support for ping, traceroute, etc.. crude hack so, i am working

Re: jail support for ping, traceroute, etc.. crude hack

2003-03-16 Thread Jared Mauch
PROTECTED] Subject: jail support for ping, traceroute, etc.. crude hack so, i am working on building a super-server for me and several friends to collaborate with on the money front to put our machine in a colo location, etc.. and still have good access to networking resources

Re: jail support for ping, traceroute, etc.. crude hack

2003-03-16 Thread northern snowfall
Jail is irrelevant if an attacker can access the kernel. It sounds like you're looking for a secure solution that UNIX doesn't even have the capability to implement. The real solution in a BSD environment would be too elaborate for my taste. It would make more sense to me to move away from UNIX ;)

Re: jail support for ping, traceroute, etc.. crude hack

2003-03-16 Thread .
On Sun, Mar 16, 2003 at 02:30:36PM -0800, Mooneer Salem wrote: When i was looking at this i was somewhat frustated with the way suser() doesn't really allow any sort of a context-of-check to happen easily that i was able to find. ie, was it for a networking check, filesystem, etc..

Re: jail support for ping, traceroute, etc.. crude hack

2003-03-16 Thread Peter Jeremy
On Mon, Mar 17, 2003 at 10:06:27AM +0300, .@babolo.ru wrote: It is time to invent ping socket and traceroute socket in addition to tcp, udp, divert so on? Whilst this might seem nice, actually implementing so that it is both useful and safe is not easy. For a ping socket, this is reasonably easy