Date:      Tue, 05 Aug 2003 03:55:55 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc:        current@freebsd.org
Subject:   Re: Any patch for ICMP in a jail?
Message-ID:  <3F2F8D3B.7542C2A1@mindspring.com>
References:  <Pine.NEB.3.96L.1030804083230.49165B-100000@fledge.watson.org> <a0600120fbb5404c90190@[10.0.1.2]> <3F2E9D7F.AFEFF672@mindspring.com> <20030804212340.GD10339@madman.celabo.org>

"Jacques A. Vidrine" wrote:
> On Mon, Aug 04, 2003 at 10:53:03AM -0700, Terry Lambert wrote:
> > You would either lose or overexpose root-restricted functionality,
> > such as flood-ping.
> 
> Eh?  Why?  pingd can know your credentials.

Through the credential passing?  I thought that wasn't reliable
for this type of thing.  Specifically, the jail would be in an
untrusted protection domain; if you just accepted the credential
blindly, then anyone could be root in the jail, and you could not
trust it.

If you didn't accept it blindly, then regular root loses existing
functionality.

I'm pretty sure that, at least the last time I looked at it, the
credential passing code didn't pass information about jail status.

Yeah, it's doable, but it's not as small an amount of work as this
discussion so far has implied.  Mostly, certain capabilities are
going to end up lost.

BTW: the main reason for a pingd when dealing with jails isn't
about increased security, it's about routing the responses to the
appropriate sender.

The way Novell dealt with this in IPX was to define an internal
network interface that was routed from other internal network
interfaces: in effect, they added an internal router hop.

-- Terry


