Date: Mon, 28 Feb 2005 19:10:42 +0100
From: "Devon H. O'Dell" <dodell@offmyserver.com>
To: Jan Grant <Jan.Grant@bristol.ac.uk>
Cc: freebsd-arch@FreeBSD.org
Subject: Re: bind() on 127.0.0.1 in jail: bound to the outside address?
Message-ID: <1109614242.3934.101.camel@localhost.localdomain>
In-Reply-To: <Pine.GSO.4.61.0502281643320.18097@mail.ilrt.bris.ac.uk>
References: <20050228162548.GA57140@frontfree.net> <Pine.GSO.4.61.0502281643320.18097@mail.ilrt.bris.ac.uk>
On Mon, 2005-02-28 at 16:48 +0000, Jan Grant wrote:
> On Tue, 1 Mar 2005, Xin LI wrote:
>
> > Your ideas are highly appreciated!
>
> It's not minimal, but assuming that it's desirable that processes
> listening on loopback sockets shouldn't collide outside the jail, one
> approach might be as follows:
>
> - get jails to the point where they can manage more than one IP address
>   per jail;
> - a jail config will then include an alias on the loopback address
>   (127.0.0.2, ...)
>
> Unfortunately, like all jail extensions, this has other problems - for
> instance, the close association of a jail to "its IP address" is broken
> by this.

While this might be a known issue, I really think this should be seen as a bug, and it's a security issue as well IMO. I know Samy Bahra has some (experimental) work[1] with giving jails a different unique identifier and conglomerating jails. This work on its own might give something useful for implementing something to solve this issue.

I can certainly understand the security issues with jails using loopback sockets. Certainly very many daemon processes make use of them for various reasons (client / server communication in databases, etc.) and presenting them to an outside address is simply broken. Binding to a local address that turns out not to be local can be a big hazard for several control daemons that I can think of off the top of my head. It's also not always possible to replace these with UDS solutions; some things I can think of are closed source.

I'm sorry to bring up an old issue, but what are the current reasons / issues with the PJD MIP jail patches that make them not committable?

Kind regards,

Devon H. O'Dell

[1] http://samy.kerneled.org/wordpress/index.php?p=7
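The hazard Devon describes is a daemon that asks for 127.0.0.1 and silently gets the jail's outside address instead. The check below is an added example, not code from this thread or from FreeBSD: it binds a TCP socket to 127.0.0.1 on an ephemeral port and then asks the kernel via getsockname() which address was really assigned, so a startup script or health check can refuse to run a "local only" service whose bind was rewritten. The function names are constructed for this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if the IPv4 address (network byte order) lies in 127.0.0.0/8. */
int is_loopback_addr(uint32_t addr_be)
{
    return (ntohl(addr_be) >> 24) == 127;
}

/* Bind a TCP socket to 127.0.0.1 on an ephemeral port, then ask the kernel
 * (getsockname) which address it really assigned. A jail that rewrites
 * INADDR_LOOPBACK to its outside address shows up here as a non-loopback
 * result. Returns 1 = still loopback, 0 = rewritten, -1 = syscall error. */
int check_loopback_bind(char *out, size_t outlen)
{
    struct sockaddr_in want, got;
    socklen_t len = sizeof got;
    int rc = -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    memset(&want, 0, sizeof want);
    want.sin_family = AF_INET;
    want.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    want.sin_port = 0; /* any free port; only the address matters here */
    if (bind(fd, (struct sockaddr *)&want, sizeof want) == 0 &&
        getsockname(fd, (struct sockaddr *)&got, &len) == 0) {
        if (out != NULL) /* report the effective address as a dotted quad */
            inet_ntop(AF_INET, &got.sin_addr, out, outlen);
        rc = is_loopback_addr(got.sin_addr.s_addr) ? 1 : 0;
    }
    close(fd);
    return rc;
}

int main(void)
{
    char addr[INET_ADDRSTRLEN] = "?";
    int r = check_loopback_bind(addr, sizeof addr);
    printf("asked for 127.0.0.1, kernel assigned %s: %s\n", addr,
           r == 1 ? "loopback, OK" : "not loopback or error, investigate");
    return r == 1 ? 0 : 1;
}
```

Run inside and outside a jail: a non-zero exit status means the service would not be listening where its configuration claims.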