Date: Tue, 05 Aug 2003 03:55:55 -0700
From: Terry Lambert <tlambert2@mindspring.com>
To: "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc: current@freebsd.org
Subject: Re: Any patch for ICMP in a jail?
Message-ID: <3F2F8D3B.7542C2A1@mindspring.com>
References: <Pine.NEB.3.96L.1030804083230.49165B-100000@fledge.watson.org> <a0600120fbb5404c90190@[10.0.1.2]> <3F2E9D7F.AFEFF672@mindspring.com> <20030804212340.GD10339@madman.celabo.org>

"Jacques A. Vidrine" wrote:
> On Mon, Aug 04, 2003 at 10:53:03AM -0700, Terry Lambert wrote:
> > You would either lose or overexpose root-restricted functionality,
> > such as flood-ping.
>
> Eh? Why? pingd can know your credentials.

Through the credential passing? I thought that wasn't reliable for
this type of thing. Specifically, the jail would be in an untrusted
protection domain; if you just accepted the credential blindly, then
anyone could be root in the jail, and you could not trust it. If you
didn't accept it blindly, then regular root loses existing
functionality.

I'm pretty sure that, at least the last time I looked at it, the
credential passing code didn't pass information about jail status.

Yeah, it's doable, but it's not as small an amount of work as this
discussion so far has implied. Mostly, certain capabilities are
going to end up lost.

BTW: the main reason for a pingd when dealing with jails isn't about
increased security, it's about routing the responses to the
appropriate sender. The way Novell dealt with this in IPX was to
define an internal network interface that was routed from other
internal network interfaces: in effect, they added an internal
router hop.

-- Terry