From lx@redundancy.redundancy.org  Mon Jul  9 20:20:40 2012
Return-Path: <lx@redundancy.redundancy.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0D8D1106564A
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  9 Jul 2012 20:20:40 +0000 (UTC)
	(envelope-from lx@redundancy.redundancy.org)
Received: from redundancy.redundancy.org (75-101-96-57.dsl.static.sonic.net [75.101.96.57])
	by mx1.freebsd.org (Postfix) with SMTP id CA14B8FC16
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  9 Jul 2012 20:20:39 +0000 (UTC)
Received: (qmail 84932 invoked by uid 1001); 9 Jul 2012 20:17:04 -0000
Message-Id: <20120709201704.84931.qmail@redundancy.redundancy.org>
Date: 9 Jul 2012 20:17:04 -0000
From: David Thiel <lx@redundancy.redundancy.org>
Reply-To: David Thiel <lx@redundancy.redundancy.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: reading routing information does not work in jails
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         169751
>Category:       kern
>Synopsis:       [jail] reading routing information does not work in jails
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-jail
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 09 20:30:10 UTC 2012
>Closed-Date:    
>Last-Modified:  Mon Jul 16 03:11:23 UTC 2012
>Originator:     David Thiel
>Release:        FreeBSD 9.0-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD redundancy.redundancy.org 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

>Description:

Processes do not appear to be able to open routing sockets within jails, 
regardless of the setting of the security.jail.socket_unixiproute_only or 
security.jail.allow_raw_sockets sysctls. This manifests as not being able to 
use commands such as "route get" or "nmap" SYN scans. While it is 
understandable that one should not be able to write to routing sockets from a 
non-VIMAGE jail, being able to read this information is quite useful 
functionality (critical, in my case).

http://marc.info/?l=freebsd-stable&m=133590147421290&w=2
http://seclists.org/nmap-dev/2012/q2/220

>How-To-Repeat:

Outside of a jail:

    [dthiel@host ~ 1350 ] sudo route get asdf.com
       route to: apache2-emu.malabo.dreamhost.com
    destination: default
           mask: default
        gateway: 210.15.12.11
      interface: em0
          flags: <UP,GATEWAY,DONE,STATIC>
     recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
           0         0         0         0      1500         1         0 

Inside jail:

    [dthiel@host ~ 1347 ] sudo jexec 15 /bin/sh 
    # route get asdf.com
    route: writing to routing socket: No such process
    
    # nmap freebsd.org
    
    Starting Nmap 6.00 ( http://nmap.org ) at 2012-07-09 20:08 UTC
    nexthost: failed to determine route to freebsd.org (69.147.83.40)
    QUITTING!

>Fix:

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-jail 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Jul 16 03:11:06 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=169751 
>Unformatted:
