From: "Devon H. O'Dell"
To: Jan Grant
cc: freebsd-arch@FreeBSD.org
Organization: Offmyserver, Inc.
Date: Mon, 28 Feb 2005 19:10:42 +0100
Message-Id: <1109614242.3934.101.camel@localhost.localdomain>
References: <20050228162548.GA57140@frontfree.net>
Subject: Re: bind() on 127.0.0.1 in jail: bound to the outside address?
List-Id: Discussion related to FreeBSD architecture

On Mon, 2005-02-28 at 16:48 +0000, Jan Grant wrote:
> On Tue, 1 Mar 2005, Xin LI wrote:
>
> > Your ideas are highly appreciated!
>
> It's not minimal, but assuming that it's desirable that processes
> listening on loopback sockets shouldn't collide outside the jail, one
> approach might be as follows:
>
> - get jails to the point where they can manage more than one IP address
>   per jail;
> - a jail config will then include an alias on the loopback address
>   (127.0.0.2, ...)
>
> unfortunately like all jail extensions this has other problems - for
> instance, the close association of a jail to "its IP address" is broken
> by this.

While this might be a known issue, I really think this should be seen
as a bug, and it's a security issue as well IMO.

I know Samy Bahra has some (experimental) work[1] with giving jails a
different unique identifier and conglomerating jails. This work on its
own might give something useful for implementing something to solve
this issue.

I can certainly understand the security issues with jails using
loopback sockets. Certainly very many daemon processes make use of them
for various reasons (client / server communication in databases, etc)
and presenting them to an outside address is simply broken. Binding to
a local address that turns out to not be local can be a big hazard for
several control daemons that I can think of off the top of my head.
It's also not always possible to replace these with UDS solutions; some
things I can think of are closed source.

I'm sorry to bring up an old issue, but what are the current reasons /
issues with the PJD MIP jail patches that it is not committable?

Kind regards,

Devon H. O'Dell

[1] http://samy.kerneled.org/wordpress/index.php?p=7
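
An added example, not part of the original message and not FreeBSD's own code: a daemon-side check in C that binds to 127.0.0.1, asks the kernel via getsockname() which address the socket really holds, and closes the socket instead of listening if that address is no longer in 127.0.0.0/8. It assumes the jail's address substitution is visible through getsockname(); the names `bind_check`, `addr_is_loopback` and `bind_loopback_checked` are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum bind_check { BIND_CHECK_FAILED = -1, BIND_LOOPBACK_KEPT = 0, BIND_REWRITTEN = 1 };

/* Is the address the kernel reports still inside 127.0.0.0/8? */
static int addr_is_loopback(const struct sockaddr_in *sa)
{
    return sa->sin_family == AF_INET && (ntohl(sa->sin_addr.s_addr) >> 24) == 127;
}

/* Bind a TCP socket to 127.0.0.1 (ephemeral port) and verify the result.
 * Only on BIND_LOOPBACK_KEPT is *fd_out set; otherwise the socket is closed
 * so the caller cannot accidentally listen on a non-loopback address. */
enum bind_check bind_loopback_checked(int *fd_out, struct sockaddr_in *actual)
{
    struct sockaddr_in want;
    socklen_t len = sizeof(*actual);
    int fd;

    memset(actual, 0, sizeof(*actual));
    memset(&want, 0, sizeof(want));          /* sin_port 0 = ephemeral port */
    want.sin_family = AF_INET;
    want.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return BIND_CHECK_FAILED;
    if (bind(fd, (struct sockaddr *)&want, sizeof(want)) < 0 ||
        getsockname(fd, (struct sockaddr *)actual, &len) < 0) {
        close(fd);
        return BIND_CHECK_FAILED;
    }
    if (!addr_is_loopback(actual)) {         /* requested local, got something else */
        close(fd);
        return BIND_REWRITTEN;
    }
    *fd_out = fd;
    return BIND_LOOPBACK_KEPT;
}

int main(void)
{
    int fd = -1;
    struct sockaddr_in got;
    enum bind_check r = bind_loopback_checked(&fd, &got);

    printf("bound to %s: %s\n", inet_ntoa(got.sin_addr),
           r == BIND_LOOPBACK_KEPT ? "loopback, safe to listen" : "refusing to listen");
    if (fd >= 0)
        close(fd);
    return r == BIND_LOOPBACK_KEPT ? 0 : 1;
}
```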