From: Xin LI
To: freebsd-arch@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: bind() on 127.0.0.1 in jail: bound to the outside address?
Message-ID: <20050228162548.GA57140@frontfree.net>
X-Operating-System: FreeBSD beastie.frontfree.net 5.3-RELEASE-p2 FreeBSD 5.3-RELEASE-p2 #15: Wed Dec 15 10:43:16 CST 2004 delphij@beastie.frontfree.net:/usr/obj/usr/src/sys/BEASTIE i386
List-Id: "Security issues [members-only posting]"
Date: Sun, 03 Jul 2005 01:01:39 -0000
X-Original-Date: Tue, 1 Mar 2005 00:25:48 +0800

Dear folks,

It seems that doing bind() inside a jail (whose IP address is an outside address) will result in some weird behavior: the actual bind is done on the outside address. For example, binding to 127.0.0.1:6666 inside a jail addressed 192.168.1.1 will finally result in a bind to 192.168.1.1:6666. With this in mind, it is possible that some formerly secure configurations fail in a jail environment.

It seems that our implementation will forward every loopback connection to the outside address. A simple hack to work around this issue might be to modify the individual bind procedures to treat the prison case with a loopback address, but I'm not sure if a true solution can solve the issue with minimum code change and code complexity.

Your ideas are highly appreciated!

Cheers,
-- 
Xin LI http://www.delphij.net/
See complete headers for GPG key and other information.
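
Added example, not part of the original message or of FreeBSD's code: a service that is meant to listen only on loopback can check, after bind(), which address the kernel actually assigned and refuse to serve if it is not in 127.0.0.0/8. The function names are hypothetical, and the check assumes getsockname() reports the rewritten jail address described above.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if the address lies in 127.0.0.0/8, else 0. */
int addr_is_loopback(const struct sockaddr_in *sa)
{
    return (ntohl(sa->sin_addr.s_addr) >> 24) == 127;
}

/* Bind a TCP socket to 127.0.0.1:port, then ask the kernel what it bound.
 * Returns 1 if the socket is on loopback, 0 if the address was rewritten
 * (the jail case from the message), -1 on a socket error. */
int bind_loopback_checked(in_port_t port, struct sockaddr_in *actual)
{
    struct sockaddr_in want;
    socklen_t len = sizeof(*actual);
    int fd, rc = -1;

    memset(&want, 0, sizeof(want));
    want.sin_family = AF_INET;
    want.sin_port = htons(port);
    want.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&want, sizeof(want)) == 0 &&
        getsockname(fd, (struct sockaddr *)actual, &len) == 0)
        rc = addr_is_loopback(actual);
    close(fd);
    return rc;
}

int main(void)
{
    struct sockaddr_in got;
    char buf[INET_ADDRSTRLEN];
    int rc = bind_loopback_checked(6666, &got); /* port used in the message */

    if (rc < 0) { perror("bind/getsockname"); return 2; }
    inet_ntop(AF_INET, &got.sin_addr, buf, sizeof(buf));
    printf("requested 127.0.0.1:6666, kernel bound %s:%u\n", buf, (unsigned)ntohs(got.sin_port));
    return rc == 1 ? 0 : 1; /* non-zero exit: listener is not on loopback */
}
```

Run inside and outside the jail and compare the printed address; a non-zero exit inside the jail means the listener is reachable on the jail's outside address.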