Date:      Sun, 04 Sep 2011 21:27:51 +0000
From:      Poul-Henning Kamp <phk@phk.freebsd.dk>
To:        freebsd-security@freebsd.org
Subject:   VIMAGE and OpenVPN idea...
Message-ID:  <3947.1315171671@critter.freebsd.dk>


Here is an idea for an interesting little project:

Imagine a firewall where all the external interfaces are
confined in a jail which has no IP-connectivity to the
rest of the machine.

Start OpenVPN outside the jail, have it set up a two-way pipe
and fork a child process, which attaches to the jail and performs
all public-side socket operations inside the jail, passing
only the raw encrypted packets over the pipe.

Tada:  Nothing in the jail can be hacked...

Only problem is:  OpenVPN doesn't know this trick.

But how hard could that be ?

Somebody[tm] should do that...


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
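
The process split sketched in the message, as an added example in C that is not part of the original e-mail and is not OpenVPN code. The helper name `spawn_public_side`, the `jid` parameter, the loopback bind address, the `SOCK_SEQPACKET` socketpair standing in for the "two-way pipe", and the reply-to-last-peer behaviour are all assumptions made for illustration; `jail_attach(2)` is the FreeBSD call and needs root.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <poll.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/jail.h>
#else
#define jail_attach(jid) (-1)   /* no jails on this platform: fail closed */
#endif

/* Hypothetical helper. Returns the parent's pipe end (-1 on error); *port gets the child's
 * UDP port in network byte order. jid >= 0: child enters that jail first; jid < 0: no jail. */
int spawn_public_side(int jid, in_port_t *port)
{
    int sp[2];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sp) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sp[0]); close(sp[1]); return -1; }
    if (pid > 0) {              /* parent: stays outside the jail, keeps keys and crypto */
        close(sp[1]);
        if (read(sp[0], port, sizeof *port) == (ssize_t)sizeof *port) return sp[0];
        close(sp[0]);
        return -1;
    }
    close(sp[0]);               /* child: performs every public-side socket operation */
    if (jid >= 0 && jail_attach(jid) < 0) _exit(1);
    struct sockaddr_in a = { .sin_family = AF_INET }, peer;
    socklen_t al = sizeof a, pl = 0;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* constructed demo address, any port */
    int u = socket(AF_INET, SOCK_DGRAM, 0);
    if (u < 0 || bind(u, (struct sockaddr *)&a, al) < 0 ||
        getsockname(u, (struct sockaddr *)&a, &al) < 0) _exit(1);
    if (write(sp[1], &a.sin_port, sizeof a.sin_port) < 0) _exit(1);
    char buf[2048];
    ssize_t n;
    struct pollfd pf[2] = { { u, POLLIN, 0 }, { sp[1], POLLIN, 0 } };
    while (poll(pf, 2, -1) > 0) {
        if (pf[1].revents) {    /* ciphertext from the parent goes out to the last peer seen */
            if ((n = read(sp[1], buf, sizeof buf)) <= 0) break;   /* parent closed the pipe */
            if (pl) sendto(u, buf, (size_t)n, 0, (struct sockaddr *)&peer, pl);
        }
        if (pf[0].revents & POLLIN) {   /* ciphertext from the network goes to the parent */
            pl = sizeof peer;
            n = recvfrom(u, buf, sizeof buf, 0, (struct sockaddr *)&peer, &pl);
            if (n > 0 && write(sp[1], buf, (size_t)n) < 0) break;
        }
    }
    _exit(0);
}
```

The child only ever handles opaque datagrams, so the parent should treat every message read from the pipe as untrusted network input and authenticate it before use. The caller is responsible for reaping the child.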


