From: Alexander Leidinger
To: Linda Messerschmidt
Date: Wed, 02 Dec 2009 11:16:00 +0100
Message-ID: <20091202111600.12126yini7bmy4o4@webmail.leidinger.net>
In-Reply-To: <237c27100912010722g2f6c4647ga82370284bc26e20@mail.gmail.com>
Cc: freebsd-hackers@freebsd.org, Ivan Voras
Subject: Re: UNIX domain sockets on nullfs still broken?

Quoting Linda Messerschmidt (from Tue, 1 Dec 2009 10:22:02 -0500):

> On Mon, Nov 30, 2009 at 10:14 AM, Ivan Voras wrote:
>>> What's the sane solution, then, when the only method of communication
>>> is unix domain sockets?
>>
>> It is a security problem. I think the long-term solution would be to add a
>> sysctl analogous to security.jail.param.securelevel to handle this.
>
> Out of curiosity, why is allowing access to a Unix domain socket in
> a filesystem to which a jail has explicitly been allowed access more
> or less secure than allowing access to a file or a devfs node in a
> filesystem to which a jail has explicitly been allowed access?

Answer A: There is no difference.

Answer B: You open up a direct communication channel between two systems,
which may not have been able to communicate before (firewall rules, ...).
With files you can do something similar too, but having a socket there
makes it easier and you do not need to write extra code. It is similar to
enabling SHM access in jails (currently all jails share the same SHM
area). And depending on the application with the socket, you may be able
to change files on the other side, to which you do not have access
otherwise (think about a daemon which changes passwords...).

Answer A is good if you control what is run where and how, and if you use
jails for easy data migration and program separation (lightweight
virtualization). Answer B is valid if you are an ISP which rents jails (in
this case you do not share a FS read-write anyway (at least you shouldn't)
and the point does not really matter).

Pick the answer depending on your viewpoint / security requirements and
the software you are using. As both points are valid, we should provide
the possibility to have both situations working.

Bye,
Alexander.

--
Is death legally binding?

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
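The point behind "Answer B" above is that a UNIX domain socket is a channel whose only access control is the reachability of its filesystem node: whoever can resolve the path can talk to the daemon behind it, firewall rules notwithstanding. The following program, added here as an illustration and not code from the thread or from FreeBSD, makes that concrete on any POSIX system. It forks an echo daemon bound at one path, then tries to connect through that path and through a second, never-bound path in the same directory. The directory, socket names and function names (start_echo_daemon, unix_exchange, demo) are all made up for the example; it does not use nullfs or jails itself, it only shows that the path is the capability, which is what exporting such a node into a jail hands over.

```c
/* Added example, not from the mailing-list thread: a UNIX domain socket is
 * reachable by anyone who can resolve its filesystem path.  Paths, names
 * and the echo protocol below are constructed for this demonstration. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fill a sockaddr_un for path; 0 on success, -1 (ENAMETOOLONG) if too long. */
static int make_addr(struct sockaddr_un *sa, const char *path) {
    memset(sa, 0, sizeof *sa);
    sa->sun_family = AF_UNIX;
    if (strlen(path) >= sizeof sa->sun_path) { errno = ENAMETOOLONG; return -1; }
    strcpy(sa->sun_path, path);
    return 0;
}

/* Bind and listen at path, then fork a child that echoes one read() per
 * client forever.  Binding before fork() means the node exists and the
 * backlog is active as soon as this returns: no readiness race.  Returns
 * the child's pid, or -1 on failure. */
pid_t start_echo_daemon(const char *path) {
    struct sockaddr_un sa;
    if (make_addr(&sa, path) < 0) return -1;
    int lfd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (lfd < 0) return -1;
    unlink(path);                                   /* stale node from an earlier run */
    if (bind(lfd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(lfd, 4) < 0) {
        close(lfd);
        return -1;
    }
    pid_t pid = fork();
    if (pid != 0) { close(lfd); return pid; }       /* parent, or fork() failure */
    for (;;) {                                      /* child: the "daemon" */
        int cfd = accept(lfd, NULL, NULL);
        if (cfd < 0) continue;
        char buf[256];
        ssize_t n = read(cfd, buf, sizeof buf);
        if (n > 0 && write(cfd, buf, (size_t)n) < 0) { /* client went away */ }
        close(cfd);
    }
}

void stop_echo_daemon(pid_t pid, const char *path) {
    kill(pid, SIGTERM);
    waitpid(pid, NULL, 0);
    unlink(path);
}

/* Connect to path, send msg, read the reply into reply[].  Returns the
 * number of bytes echoed back, 0 if no listener is reachable through that
 * path, -1 on any other error.  The errno cases are the three ways the
 * filesystem can say "no": the node is not there (ENOENT), it is there but
 * nobody listens (ECONNREFUSED), or DAC denies write access to it (EACCES). */
int unix_exchange(const char *path, const char *msg, char *reply, size_t cap) {
    struct sockaddr_un sa;
    if (make_addr(&sa, path) < 0) return -1;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        int e = errno;
        close(fd);
        return (e == ENOENT || e == ECONNREFUSED || e == EACCES) ? 0 : -1;
    }
    size_t len = strlen(msg);
    if (write(fd, msg, len) != (ssize_t)len) { close(fd); return -1; }
    ssize_t n = read(fd, reply, cap - 1);
    close(fd);
    if (n < 0) return -1;
    reply[n] = '\0';
    return (int)n;
}

/* Same daemon, two paths: one bound ("exported"), one that was never bound
 * ("hidden", standing in for a path the jail cannot see).  Returns 1 when
 * the exported path carries traffic and the hidden one does not, 0 if the
 * observation differs, -1 if setup failed. */
int demo(void) {
    char dir[] = "/tmp/sockpath-demo-XXXXXX";          /* constructed scratch dir */
    if (!mkdtemp(dir)) return -1;
    char exported[128], hidden[128];
    snprintf(exported, sizeof exported, "%s/exported.sock", dir);
    snprintf(hidden, sizeof hidden, "%s/hidden.sock", dir);
    pid_t pid = start_echo_daemon(exported);
    if (pid < 0) { rmdir(dir); return -1; }
    char reply[64];
    int via_exported = unix_exchange(exported, "chpass root\n", reply, sizeof reply);
    int via_hidden   = unix_exchange(hidden,   "chpass root\n", reply, sizeof reply);
    stop_echo_daemon(pid, exported);
    rmdir(dir);
    return (via_exported > 0 && via_hidden == 0) ? 1 : 0;
}

int main(void) {
    int r = demo();
    printf("exported path carries traffic, hidden path does not: %s\n",
           r == 1 ? "yes" : "no");
    return r == 1 ? 0 : 1;
}
```

Build with `cc -o sockdemo sockdemo.c` and run it as an unprivileged user. The constructed message is deliberately a "change password" request to mirror the daemon example in the reply: the program only echoes it, but a real daemon would act on it, and nothing in the connect path asks which jail the caller lives in. Whether connect() through a nullfs-mounted copy of exported.sock is allowed from inside a jail is precisely the policy question the thread is about; this program just shows what is granted once it is.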