https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217728
Bug ID: 217728
Summary: [patch] restrict access to reserved ports in jails
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Created attachment 180751
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=180751&action=edit
patch to add the allow.reserved_port option to jail(8)
The attached patch adds a new jail(8) configuration option to deny the use of
reserved ports inside a jail. This is intended for use in shared-IP jails that
set the "ipv4=inherit" option, and would not be useful in VNET-enabled jails.
The primary use case is for delegating jail administration to ordinary users
who would otherwise not be allowed access to run services on reserved ports.
Without this patch, ordinary users who have root privileges inside a shared-IP
jail have the ability to run services that potentially conflict with the host,
such as SSH or Sendmail.