Date:      Sat, 18 Sep 1999 20:55:52 +0200
From:      Poul-Henning Kamp <phk@critter.freebsd.dk>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>, imp@village.org (Warner Losh), liam@tiora.net (Liam Slusser), kdrobnac@mission.mvnc.edu (Kenny Drobnack), Harry_M_Leitzell@cmu.edu (Harry M. Leitzell), security@FreeBSD.ORG
Subject:   Re: BPF on in 3.3-RC GENERIC kernel 
Message-ID:  <12516.937680952@critter.freebsd.dk>
In-Reply-To: Your message of "Sat, 18 Sep 1999 11:39:13 PDT." <199909181839.LAA66478@apollo.backplane.com> 

In message <199909181839.LAA66478@apollo.backplane.com>, Matthew Dillon writes:

>    Let me put it this way:  Passing an unsigned 32 bit integer is obviously
>    the *WRONG* type of argument to pass for an IP address considering that
>    just about every single other system call takes a sockaddr of one sort 
>    or another.

Jail(2) as it stands today is an IPv4 facility, and only that.

The interface is specified to make sure people don't miss this
important fact.

I have not yet been able to find sufficient information on how
multihoming and resource location will work in IPv6 to determine
if jail(2) will even be possible for IPv6.

If you are able to design a protocol independent jail(2) facility
I really think you should do so.  For starters you can make it
work for the appletalk and ipx stacks we have in the kernel.

Remember: jail(2) is a security function, not a networking function.

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!

