GitHub - wojtekka/bindprivs

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
.files		.files
COPYING		COPYING
Makefile		Makefile
README		README
TODO		TODO
bindprivs.c		bindprivs.c
bindprivs.conf.5		bindprivs.conf.5
bindprivs.h		bindprivs.h
bpset.8		bpset.8
bpset.c		bpset.c
make-tarball.sh		make-tarball.sh
reload.sh		reload.sh

Repository files navigation

    bindprivs 0.6
    (c) 1999-2002 by wojtek kaniewski
    licensed under terms of GPL v2
    
intro:
    this little silly kernel module can be used to restrict virtual host
    to some particular users. read bindprivs.conf(5) and bpset(8) for
    more details.

rmmod issue:
    before removing the module, you have to use ,,bpset -u'', wait until
    it is unused (see lsmod's result) and then use ,,rmmod''. if after
    unusually long time the module is still used, try to look for some
    network-related processes, strace(1) them and check which ones are
    stuck on some socketcall like accept(), connect(), send() or recv().
    then kill them. the other way is to look for network-related kernel
    functions in ,,ps -o wchan -o cmd ax''.

    if you have a ppp session running, send any packet through that link
    after ,,bpset -u'' to release the module.

compilation:
    if you get lots of errors about conflicting types, add ,,#define
    _LOOSE_KERNEL_NAMES'' at top of bindprivs.c

cvs:
    cvs -d:pserver:anonymous@dev.null.pl:/home/cvs co bindprivs

contact:
    DON'T contact me if you haven't read these docs or your system is
    broken. if you don't know how to deal with this package, you probably
    shouldn't be using it, or else you could get hurt. if you've found
    some mistake, some bug or some strange behaviour, feel free to write.
    
betatesters:
    - Kuba 'Kooba' Jermak <kooba@kooba.net>,
    - Lam <lam@lac.pl>,
    - SoboL <sobol@sobol.org>.

changelog:
    - 0.6 (2003-06-12)
        + no complaints,
	+ files put into CVS.
    - 0.6-beta3 (2002-11-25)
        + removed no longer needed cleanup_module() code,
    - 0.6-beta2 (2002-11-23)
        + cleanups,
    - 0.6-beta1 (2002-11-21)
	+ serious bug in rule matching found by Lam has been fixed
	  (IPv6 addresses were matched against IPv4 rules and vice
	  versa, so it lead to false results),
	+ gcc 3.x warnings fixed,
        + documentation fixed.
    - 0.5 (2002-05-29)
        + bugfix release, now compiles with grsecurity thanks to Borys
	  Pogore³o <boryspo@leszno.edu.pl>.
    - 0.4 (2002-05-25)
        + no one complained, so moving to stable.
    - 0.4-beta1 (2002-05-08)
	+ kernel tree 2.4 is now supported as well as 2.2.
	+ changed behaviour to check the address before connect(), not while
	  bind()ing. it makes possible to deny even the default address, which
	  is 0.0.0.0/32.
	+ before unloading the module, you should run ,,bpset -u'' to release
	  all future socket operations.
	+ some framework for forcing the address. disabled by default.
	+ updated docs.
    - 0.3 (2000-10-05)
 	+ got rid of kernel 2.0 support (not really needed).
	+ rules configuration from userland.
    - 0.2 (1999-11-18)
	+ cosmetics (mainly thanks and greets).
	+ fixed `any' address (didn't work).
	+ kernel 2.0 support (thanks to fahren).
    - 0.1 (1999-11-17)
	+ first public release.