Date: Tue, 05 Aug 2003 03:55:55 -0700
From: Terry Lambert
To: "Jacques A. Vidrine"
cc: Robert Watson
cc: current@freebsd.org
Subject: Re: Any patch for ICMP in a jail?

"Jacques A. Vidrine" wrote:
> On Mon, Aug 04, 2003 at 10:53:03AM -0700, Terry Lambert wrote:
> > You would either lose or overexpose root-restricted functionality,
> > such as flood-ping.
>
> Eh? Why? pingd can know your credentials.

Through the credential passing? I thought that wasn't reliable for this type of thing.
Specifically, the jail would be in an untrusted protection domain; if you just accepted the credential blindly, then anyone could be root in the jail, and you could not trust it. If you didn't accept it blindly, then regular root loses existing functionality.

I'm pretty sure that, at least the last time I looked at it, the credential passing code didn't pass information about jail status.

Yeah, it's doable, but it's not as small an amount of work as this discussion so far has implied. Mostly, certain capabilities are going to end up lost.

BTW: the main reason for a pingd when dealing with jails isn't about increased security, it's about routing the responses to the appropriate sender. The way Novell dealt with this in IPX was to define an internal network interface that was routed from other internal network interfaces: in effect, they added an internal router hop.

-- Terry