Displaying 6 results from an estimated 6 matches for "socket_unixiproute_on".
2004 Mar 29
0
FreeBSD Security Advisory FreeBSD-SA-04:06.ipv6
...any lines mentioning `INET6' from your
kernel configuration file, and recompile your kernel as described
in <URL:http://www.freebsd.org/handbook/kernelconfig.html>.
- Reboot your system.
2) If all untrusted users are confined within a jail(8), ensure that
the security.jail.socket_unixiproute_only sysctl is set to 1 and
verify that no IPv6 sockets are currently open:
# sysctl security.jail.socket_unixiproute_only=1
# sockstat -6
This will restrict jailed processes to creating UNIX domain, IPv4, and
routing sockets, which are not vulnerable to this problem; note however
that processes ins...
2004 Mar 29
0
FreeBSD Security Advisory FreeBSD-SA-04:06.ipv6
...any lines mentioning `INET6' from your
kernel configuration file, and recompile your kernel as described
in <URL:http://www.freebsd.org/handbook/kernelconfig.html>.
- Reboot your system.
2) If all untrusted users are confined within a jail(8), ensure that
the security.jail.socket_unixiproute_only sysctl is set to 1 and
verify that no IPv6 sockets are currently open:
# sysctl security.jail.socket_unixiproute_only=1
# sockstat -6
This will restrict jailed processes to creating UNIX domain, IPv4, and
routing sockets, which are not vulnerable to this problem; note however
that processes ins...
2005 Dec 22
0
jails and sysctl in freebsd 6.0
Bug or something, look at this
<mother-mail>[~]# cat /etc/sysctl.conf
security.jail.allow_raw_sockets=1
security.jail.set_hostname_allowed=0
<mother-mail>[~]# sysctl -a | grep jail
security.jail.set_hostname_allowed: 1 <<<<< here
security.jail.socket_unixiproute_only: 1
security.jail.sysvipc_allowed: 0
security.jail.enforce_statfs: 2
security.jail.allow_raw_sockets: 1
security.jail.chflags_allowed: 0
security.jail.jailed: 0
The variable points to 1. You can't change the hostname
in jail (that's what I want). But booting OS hangs a little
if you put...
2003 May 21
1
netstat/ipcs inside jail
..."inet 10.0.2.6 netmask 0xffffffff"
route_0="10.0.2.6 -iface lo0"
inetd_flags="-wW -a 10.0.2.1"
portmap_enable="NO"
---
- my sysctls for the jail are set as follows and are loaded by
/etc/sysctl.conf
> sysctl -a | grep jail
jail.set_hostname_allowed: 0
jail.socket_unixiproute_only: 0
jail.sysvipc_allowed: 1
- my kernel is compiled with these options
> grep SYSV ruby2
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
- df loo...
2005 Aug 18
4
Closing information leaks in jails?
Hello,
I'm wondering about closing some information leaks in FreeBSD jails from
the "outside world".
Not that critical (depends on the application), but a simple user, with
restricted devfs in the jail (devfsrules_jail for example from
/etc/defaults/devfs.rules) can figure out the following:
- network interfaces related data, via ifconfig, which contains
everything, but the
2006 Apr 12
1
powerd not behaving with an Asus A8V-MX and Athlon 64 X2 3800+
...1003_1b.aio_max: -1
p1003_1b.aio_prio_delta_max: -1
p1003_1b.delaytimer_max: 0
p1003_1b.mq_open_max: 0
p1003_1b.pagesize: 4096
p1003_1b.rtsig_max: 0
p1003_1b.sem_nsems_max: 0
p1003_1b.sem_value_max: 0
p1003_1b.sigqueue_max: 0
p1003_1b.timer_max: 0
security.jail.set_hostname_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.sysvipc_allowed: 0
security.jail.enforce_statfs: 2
security.jail.allow_raw_sockets: 0
security.jail.chflags_allowed: 0
security.jail.jailed: 0
security.bsd.suser_enabled: 1
security.bsd.see_other_uids: 1
security.bsd.see_other_gids: 1
security.bsd.conservative_signals: 1
security...