Date: Mon, 28 Aug 2006 09:38:44 -0400 From: Mike Meyer <mwm-keyword-freebsdhackers2.e313df@mired.org> To: Fabian Keil <freebsd-listen@fabiankeil.de> Cc: Dirk Engling <erdgeist@erdgeist.org>, hackers@freebsd.org Subject: Re: jails, cron and sendmail Message-ID: <17650.61924.263953.172573@bhuda.mired.org> In-Reply-To: <20060828150039.21e8bd4a@localhost> References: <44F0E38F.5030809@erdgeist.org> <17648.59470.572563.377998@bhuda.mired.org> <20060827052733.F16322@erdgeist.org> <17649.9146.307818.780974@bhuda.mired.org> <44F1B7B7.9090701@erdgeist.org> <17649.54252.987757.501860@bhuda.mired.org> <20060828150039.21e8bd4a@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
In <20060828150039.21e8bd4a@localhost>, Fabian Keil <freebsd-listen@fabiankeil.de> typed: > Mike Meyer <mwm-keyword-freebsdhackers2.e313df@mired.org> wrote: > > > In <44F1B7B7.9090701@erdgeist.org>, Dirk Engling <erdgeist@erdgeist.org> typed: > > > > > The default configuration doesn't expose sendmail to the publicly > > > > visible IP addres. The daemon it runs only listens for connections to > > > > the localhost address. > > > Which is rewritten to the jails (externally visible) address on a connect() > > Yup. I wasn't aware of that strange behavior of jails. That should be > > fixed. > Fixed how? Disallow jailed applications to connect to 127.0.0.1, > and thus break most of them, or have them reach 127.0.0.1 on the > host system and weaken the security? > > > I think the better fix would be to make jails not expose their > > localhost IP address to the outside world. > Exactly. Ok, I'm confused. Exactly how is fixing jails to not expose their localhost IP address to the outside world not fixing this strange behavior of jails? <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17650.61924.263953.172573>