From owner-freebsd-security Tue Nov 16 21:58:53 1999 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id 7D97C14DCF; Tue, 16 Nov 1999 21:58:44 -0800 (PST) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id GAA28860; Wed, 17 Nov 1999 06:58:16 +0100 (CET) (envelope-from phk@critter.freebsd.dk) To: Yoshinobu Inoue Cc: beyssac@enst.fr, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Should jail treat ip-number? In-reply-to: Your message of "Wed, 17 Nov 1999 13:41:32 +0900." <19991117134132S.shin@nd.net.fujitsu.co.jp> Date: Wed, 17 Nov 1999 06:58:16 +0100 Message-ID: <28858.942818296@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <19991117134132S.shin@nd.net.fujitsu.co.jp>, Yoshinobu Inoue writes: >solution: > Don't specify addresses via jail(2), and let kernel select > any non binded address. No, that doesn't work. People want to run servers so they want to know their IP for DNS. >A weak point of this solution is that processes in a same jail >won't be necessariliy binded to a same address, but does it >matters? Yes, that also matters, this is a administrative facility. -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message