Date:      Mon, 28 Aug 2006 09:21:52 -0700
From:      David King <dking@ketralnis.com>
To:        freebsd-hackers@freebsd.org
Subject:   Re: jails, cron and sendmail
Message-ID:  <2F8CA526-B1E8-4427-90A6-8FA8B56D0CF3@ketralnis.com>
In-Reply-To: <20060828150039.21e8bd4a@localhost>
References:  <44F0E38F.5030809@erdgeist.org> <17648.59470.572563.377998@bhuda.mired.org> <20060827052733.F16322@erdgeist.org> <17649.9146.307818.780974@bhuda.mired.org> <44F1B7B7.9090701@erdgeist.org> <17649.54252.987757.501860@bhuda.mired.org> <20060828150039.21e8bd4a@localhost>

>>>> The default configuration doesn't expose sendmail to the publicly
>>>> visible IP address. The daemon it runs only listens for
>>>> connections to the localhost address.
>>> Which is rewritten to the jail's (externally visible) address on a
>>> connect()
>> Yup. I wasn't aware of that strange behavior of jails. That should be
>> fixed.
> Fixed how? Disallow jailed applications to connect to 127.0.0.1,
> and thus break most of them, or have them reach 127.0.0.1 on the
> host system and weaken the security?

Would it be too much to ask to let the system keep lo0, and give the  
first jail lo1, the second jail lo2...? That is, a separate loopback  
for each jail?
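
An added example, not part of the original message or of FreeBSD's code: a small C check for the behavior the quoted replies describe, where a jailed process's use of 127.0.0.1 ends up on the jail's own address. It binds a listener to 127.0.0.1, connects to it, and reports the addresses the kernel actually used; the struct and function names are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical names for this added example; not from the thread. */
struct lo_result {
    char bound[INET_ADDRSTRLEN]; /* address the listener really got */
    char peer[INET_ADDRSTRLEN];  /* address connect() really reached */
    int  rewritten;              /* 1 if either is not 127.0.0.1 */
};

/* Ask for 127.0.0.1 twice (bind, then connect) and record what the
 * kernel used instead. Returns 0 on success, -1 on a socket error. */
int check_loopback(struct lo_result *r)
{
    struct sockaddr_in sa, got;
    socklen_t len = sizeof(got);
    int rc = -1, c = -1, l = socket(AF_INET, SOCK_STREAM, 0);
    if (l < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks */
    if (bind(l, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(l, 1) < 0)
        goto out;
    if (getsockname(l, (struct sockaddr *)&got, &len) < 0)
        goto out;
    inet_ntop(AF_INET, &got.sin_addr, r->bound, sizeof(r->bound));
    sa.sin_port = got.sin_port;  /* destination is still 127.0.0.1 */
    len = sizeof(got);
    if ((c = socket(AF_INET, SOCK_STREAM, 0)) < 0 ||
        connect(c, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        getpeername(c, (struct sockaddr *)&got, &len) < 0)
        goto out;
    inet_ntop(AF_INET, &got.sin_addr, r->peer, sizeof(r->peer));
    r->rewritten = strcmp(r->bound, "127.0.0.1") != 0 ||
                   strcmp(r->peer, "127.0.0.1") != 0;
    rc = 0;
out:
    if (c >= 0)
        close(c);
    close(l);
    return rc;
}

int main(void)
{
    struct lo_result r;
    if (check_loopback(&r) != 0) { perror("check_loopback"); return 1; }
    printf("bound=%s peer=%s rewritten=%d\n", r.bound, r.peer, r.rewritten);
    return 0;
}
```

On a host outside any jail both addresses print as 127.0.0.1; `rewritten=1` means a service configured to listen on "localhost" here is actually bound to the address shown and should be firewalled or configured accordingly.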


