Date:      Wed, 10 Nov 1999 01:39:13 +0100
From:      Pierre Beyssac <beyssac@enst.fr>
To:        Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp>, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: Should jail treat ip-number?
Message-ID:  <19991110013913.A5181@enst.fr>
In-Reply-To: <19991109125445E.shin@nd.net.fujitsu.co.jp>; from Yoshinobu Inoue on Tue, Nov 09, 1999 at 12:54:45PM +0900
References:  <19991109125445E.shin@nd.net.fujitsu.co.jp>

On Tue, Nov 09, 1999 at 12:54:45PM +0900, Yoshinobu Inoue wrote:
> Currently jail sets an ip-number and lets prisoned processes
> bind only to it.

[ the current jail(2) interface and its future WRT IPv6 ]

> I think the kernel change will not be so much for any of the above additions
> or changes, but there will be some backward compatibility
> issues for the API. (some member additions to the jail structure,
> and jail command extensions)

There's been a discussion a few weeks ago on freebsd-security on
this very matter. See attached mail below.

The conclusion was that jail(2) should be fixed to use a sockaddr
instead of a 32 bit int to specify the address.

That seems to be the first logical step, even before making jail(2)
IPv6-compliant.

Pierre

Date: Sun, 19 Sep 1999 11:58:39 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <199909191558.LAA64750@khavrinen.lcs.mit.edu>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: Poul-Henning Kamp <phk@critter.freebsd.dk>, security@FreeBSD.ORG
Subject: Re: BPF on in 3.3-RC GENERIC kernel 
In-Reply-To: <199909190551.WAA68627@apollo.backplane.com>
References: <12516.937680952@critter.freebsd.dk>
	<199909190551.WAA68627@apollo.backplane.com>

<<On Sat, 18 Sep 1999 22:51:14 -0700 (PDT), Matthew Dillon <dillon@apollo.backplane.com> said:

>     struct sockaddr is the standard for specifying an IP address.  Jail
>     isn't using it, not even for IPV4.  It's using an unsigned 32 bit int.
>     Hell, it isn't even using a struct in_addr!  The field is plain and
>     simply inappropriately specified in the structure.

For once, I agree with Matt.  As titular networking czar, I'm asking
you, Poul, to please fix the interface.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick
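
[Added example, not part of either message and not FreeBSD code: a user-space C sketch of the interface point made in this thread. A bare 32-bit field can only hold an IPv4 address, while a sockaddr carries its address family and so can hold IPv4 or IPv6. The names legacy_jail_addr, parse_addr, legacy_set and jail_may_bind are hypothetical, and the addresses in the comments are constructed samples.]

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical legacy-style field (not the FreeBSD struct): one IPv4 address, no family tag. */
struct legacy_jail_addr { uint32_t ip_number; };

/* Parse textual IPv4 or IPv6 into a sockaddr; 0 on success, -1 on failure. */
int parse_addr(const char *text, struct sockaddr_storage *out)
{
    memset(out, 0, sizeof(*out));
    if (inet_pton(AF_INET, text, &((struct sockaddr_in *)out)->sin_addr) == 1) {
        out->ss_family = AF_INET;
        return 0;
    }
    memset(out, 0, sizeof(*out));       /* discard any partial IPv4 parse */
    if (inet_pton(AF_INET6, text, &((struct sockaddr_in6 *)out)->sin6_addr) == 1) {
        out->ss_family = AF_INET6;
        return 0;
    }
    return -1;
}

/* Legacy path: -1 when the address is not IPv4 and cannot fit in 32 bits. */
int legacy_set(struct legacy_jail_addr *j, const char *ip)
{
    struct sockaddr_storage sa;
    if (parse_addr(ip, &sa) != 0 || sa.ss_family != AF_INET)
        return -1;
    j->ip_number = ((struct sockaddr_in *)&sa)->sin_addr.s_addr;
    return 0;
}

/* sockaddr path: 1 if a bind to want_ip matches the jail address, 0 if not, -1 on parse error. */
int jail_may_bind(const char *jail_ip, const char *want_ip)
{
    struct sockaddr_storage j, w;
    if (parse_addr(jail_ip, &j) != 0 || parse_addr(want_ip, &w) != 0)
        return -1;
    if (j.ss_family != w.ss_family)
        return 0;                       /* no cross-family match, even for ::ffff:a.b.c.d */
    if (j.ss_family == AF_INET)
        return memcmp(&((struct sockaddr_in *)&j)->sin_addr,
                      &((struct sockaddr_in *)&w)->sin_addr, sizeof(struct in_addr)) == 0;
    return memcmp(&((struct sockaddr_in6 *)&j)->sin6_addr,
                  &((struct sockaddr_in6 *)&w)->sin6_addr, sizeof(struct in6_addr)) == 0;
}
```

[In this sketch an IPv4 jail address does not match its IPv4-mapped IPv6 form; a real implementation has to decide that case explicitly rather than leave it to chance.]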

