Re: identd in jailed 4.9-STABLE

From: Alexander (amour_at_bugs.elitsat.net)
Date: 12/25/03

    Date: Thu, 25 Dec 2003 14:38:16 +0200 (EET)
    To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
    
    

    Hello,

    You seem not to have tried this under 4.9, or not under a jail.
    In the host environment I haven't run anything else but sshd, which is
    bound to listen on the IP != jail environment. In the jail environment
    it's not possible to bind on an IP outside the jail. After googling a little
    I found that this is because identd uses tcp_getcred(), which won't leak
    information to the jail environment. There was a patch for 4.3 which made
    identd work, but the patch won't work on 4.9-STABLE.

    If someone made identd work in a jailed environment, please explain how.

    Thanks

    On Thu, 25 Dec 2003, Matthew Seaman wrote:

    > On Thu, Dec 25, 2003 at 01:28:12AM +0200, Alexander wrote:
    >
    > > Did someone make identd work on 4.9-STABLE in a jailed environment?
    >
    > Don't see why it should cause any particular difficulties. You'll
    > need to run an instance of inetd(8) in each jail where you want ident
    > capability. All of those inetd(8)'s and any inetd(8) from the base
    > system should be bound to specific IP addresses by using the '-a'
    > option -- otherwise they all attempt to bind to INADDR_ANY and end up
    > fighting each other.
    >
    > Eg: if your machine uses 192.168.0.1 as its principal IP and has an
    > alias address of 192.168.0.2 used by a jail, and you want inetd
    > services in both, you would put:
    >
    > inetd_enable="YES"
    > inetd_flags="-wW -a 192.168.0.1"
    >
    > in /etc/rc.conf on the host environment, and:
    >
    > inetd_enable="YES"
    > inetd_flags="-wW -a 192.168.0.2"
    >
    >
    > Cheers,
    >
    > Matthew
    >
    > --
    > Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
    > Savill Way
    > PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
    > Tel: +44 1628 476614 Bucks., SL7 1TH UK
    >

    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
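
The per-address binding scheme from the quoted reply, as an added example that is not part of either message: a POSIX sh check that reads inetd_flags from the host's and each jail's rc.conf and reports any inetd left without -a or sharing an address with another. The function names, the NAME=PATH argument form and the second jail are assumptions made for illustration.

```shell
# Added example: audit inetd_flags across the host and jail rc.conf files.
# Assumption: -a appears as its own word ("-a ADDR") or joined ("-aADDR").

# Print the address inetd_flags binds to via -a, or nothing if absent.
inetd_bind_addr() {
    # The last assignment wins, as it does when rc.conf is sourced.
    flags=$(sed -n 's/^[[:space:]]*inetd_flags=//p' "$1" | tail -n 1 | tr -d "\"'")
    set -- $flags
    while [ $# -gt 0 ]; do
        case $1 in
            -a)   echo "$2"; return 0 ;;
            -a?*) echo "${1#-a}"; return 0 ;;
        esac
        shift
    done
}

# Args: NAME=PATH pairs, one per environment. Returns 1 if any finding.
audit_inetd_binds() {
    seen=" " rc=0
    for spec in "$@"; do
        name=${spec%%=*} file=${spec#*=}
        # Skip environments where inetd is not enabled.
        grep -Eiq '^[[:space:]]*inetd_enable="?YES' "$file" || continue
        addr=$(inetd_bind_addr "$file")
        if [ -z "$addr" ]; then
            echo "$name: no -a in inetd_flags, inetd would attempt INADDR_ANY"; rc=1
        else
            case $seen in
                *" $addr "*) echo "$name: $addr already claimed by another inetd"; rc=1 ;;
            esac
            seen="$seen$addr "
        fi
    done
    return $rc
}

# Constructed sample: the two rc.conf fragments from the message plus a
# hypothetical second jail that omits -a.
demo() {
    d=$(mktemp -d) || return 1
    printf 'inetd_enable="YES"\ninetd_flags="-wW -a 192.168.0.1"\n' > "$d/host"
    printf 'inetd_enable="YES"\ninetd_flags="-wW -a 192.168.0.2"\n' > "$d/jail1"
    printf 'inetd_enable="YES"\ninetd_flags="-wW"\n' > "$d/jail2"
    audit_inetd_binds host="$d/host" jail1="$d/jail1" jail2="$d/jail2"; status=$?
    rm -rf "$d"
    return $status
}
demo || echo "findings above need fixing"
```

This only checks the binding configuration discussed in the reply; it does not address the tcp_getcred() behaviour described in the follow-up.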

