Re: [ronvdaal@zarathustra.linux666.com: Possible security issue
--a8Wt8u1KmwUX3Y2C
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On 2005.07.14 09:26:56 -0700, Avleen Vig wrote:
> This message was sent to bugtraq today:
Please see the thread on full-disclosure as to why this is not an
issue.
http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/035036.html
Unfortunately the poster sent separate mails to full-disclosure and
bugtraq, so the followups where only set to full-disclosure (since we
saw the mail first there).
> While playing around with FreeBSD 5.4 and jailing I discovered that it was
> possible to put an ethernet interface into promiscious mode from within t=
he
> jailed environment, allowing a packetsniffer to gather data not meant for
> the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.=
x=20
> This can be reproduced on boxes where BPF support is enabled in the kerne=
l=20
> and a BPF device is available in the jail (badly configured devfs/no rule=
s)
[...]
--=20
Simon L. Nielsen
--a8Wt8u1KmwUX3Y2C
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)
iD8DBQFC1phih9pcDSc1mlERArK8AKCyjLnHW4VZ/1e2lOv2dcuQp8QNYgCgsBzl
D9EMAVDLnjkIlvqxD/V61Mk=
=GDb9
-----END PGP SIGNATURE-----
--a8Wt8u1KmwUX3Y2C--
討論串 (同標題文章)
完整討論串 (本文為第 1 之 2 篇):