From owner-freebsd-security Thu Nov 18 4: 1:58 1999 Delivered-To: freebsd-security@freebsd.org Received: from wit395301.student.utwente.nl (wit395301.student.utwente.nl [130.89.235.121]) by hub.freebsd.org (Postfix) with ESMTP id A2D9515105; Thu, 18 Nov 1999 04:01:53 -0800 (PST) (envelope-from jeroen@vangelderen.org) Received: from [10.235.121.14] (helo=vangelderen.org) by wit395301.student.utwente.nl with esmtp (Exim 2.05 #1) id 11oQCc-00056Q-00; Thu, 18 Nov 1999 12:58:14 +0100 Message-ID: <3833E9AB.13864ECA@vangelderen.org> Date: Thu, 18 Nov 1999 12:57:31 +0100 From: "Jeroen C. van Gelderen" X-Mailer: Mozilla 4.61 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Yoshinobu Inoue Cc: phk@critter.freebsd.dk, beyssac@enst.fr, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Should jail treat ip-number? References: <19991117153126C.shin@nd.net.fujitsu.co.jp> <289.942825543@critter.freebsd.dk> <199911172340.PAA23345@gndrsh.dnsmgr.net> <19991118042404X.shin@nd.net.fujitsu.co.jp> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Yoshinobu Inoue wrote: > If explicit needs for "multiple addrs per address family" are > not clear now, I would like to try to implement just adding > ip6_number member for this time. I think sockaddrs are better because it allows you to change to multiple IP-support without changing the interface again. Or you can add IPX (whatever) support without disturbing existing applications... I'd say (but I'm not a real hacker) make jail accept a list of sockaddrs and -for now- disallow anything except a single IPv4 and a single IPv6 address in that list. I'm now pretty sure multiple IPs per jail is a good idea, but you can easily defer implementation to some point in the future... Cheers, Jeroen -- Jeroen C. van Gelderen - jeroen@vangelderen.org Interesting read: http://www.vcnet.com/bms/ JLF To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message