From owner-freebsd-current@FreeBSD.ORG  Mon Aug  4 05:49:10 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2704337B401; Mon,  4 Aug 2003 05:49:10 -0700 (PDT)
Received: from vhost109.his.com (vhost109.his.com [216.194.225.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 14EA443FA3; Mon,  4 Aug 2003 05:49:09 -0700 (PDT)
	(envelope-from brad.knowles@skynet.be)
Received: from [10.0.1.2] (localhost.his.com [127.0.0.1])
	by vhost109.his.com (8.12.6p2/8.12.3) with ESMTP id h74Cn3tS007715;
	Mon, 4 Aug 2003 08:49:04 -0400 (EDT)
	(envelope-from brad.knowles@skynet.be)
Mime-Version: 1.0
X-Sender: bs663385@pop.skynet.be
Message-Id: <a0600120fbb5404c90190@[10.0.1.2]>
In-Reply-To: 
 <Pine.NEB.3.96L.1030804083230.49165B-100000@fledge.watson.org>
References: 
 <Pine.NEB.3.96L.1030804083230.49165B-100000@fledge.watson.org>
Date: Mon, 4 Aug 2003 14:42:50 +0200
To: Robert Watson <rwatson@freebsd.org>
From: Brad Knowles <brad.knowles@skynet.be>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
cc: current@freebsd.org
Subject: Re: Any patch for ICMP in a jail?
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Aug 2003 12:49:10 -0000

At 8:35 AM -0400 2003/08/04, Robert Watson wrote:

>       The best short-term suggestion would be to write a
>  privilege-separated ping tool -- a pingd running outside the jail,
>  providing UNIX domain sockets in each jail that needs the ability to ping;
>  ping then becomes a client that RPC's to pingd.

	It strikes me that this is probably a better solution to the 
problem regardless of whether or not you are in a jail.  By carefully 
controlling the RPC interface, you should be able to reduce the 
security exposure, simplify pingd, and bring more of the complex 
logic into the unprivileged ping client.

	This would also allow you to apply the same solution for jail vs. 
non-jail environments.


	Is this a future enhancement that we can realistically look forward to?

-- 
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)