bind() on 127.0.0.1 in jail: bound to the outside address?
Devon H. O'Dell
dodell at offmyserver.com
Mon Feb 28 18:10:52 GMT 2005
On Mon, 2005-02-28 at 16:48 +0000, Jan Grant wrote:
> On Tue, 1 Mar 2005, Xin LI wrote:
>
> > Your ideas are highly appreciated!
>
> It's not minimal, but assuming that it's desirable that processes
> listening on loopback sockets shouldn't collide outside the jail, one
> approach might be as follows:
>
> - get jails to the point where they can manage more than one IP address
> per jail;
> - a jail config will then include an alias on the loopback address
> (127.0.0.2, ...)
>
> unfortunately like all jail extensions this has other problems - for
> instance, the close association of a jail to "its IP address" is broken
> by this.
While this might be a known issue, I really think this should be seen as
a bug, and it's a security issue as well IMO.
I know Samy Bahra has some (experimental) work[1] with giving jails a
different unique identifier and conglomerating jails. This work on its
own might give something useful for implementing something to solve this
issue.
I can certainly understand the security issues with jails using loopback
sockets. Certainly very many daemon processes make use of them for
various reasons (client / server communication in databases, etc) and
presenting them to an outside address is simply broken. Binding to a
local address that turns out to not be local can be a big hazard for
several control daemons that I can think of off the top of my head. It's
also not always possible to replace these with UDS solutions; some
things I can think of are closed source.
I'm sorry to bring up an old issue, but what are the current reasons /
issues with the PJD MIP jail patches that keep them from being committable?
Kind regards,
Devon H. O'Dell
[1] http://samy.kerneled.org/wordpress/index.php?p=7
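The hazard described above, a daemon asking for 127.0.0.1 and silently getting a routable address instead, can be checked for at startup: bind, then ask the kernel with getsockname() which address it actually used, and refuse to serve if it is not in 127.0.0.0/8. The program below is an added example written for this page, not code from the thread or from FreeBSD; it assumes only the standard BSD sockets API and runs outside a jail as well (where it simply confirms that the loopback address was honoured).

```c
/* Added example (not from the thread): bind to 127.0.0.1 and confirm with
 * getsockname() that the kernel actually bound a loopback address. In a
 * jail that rewrites loopback binds to the jail's outside address, the
 * reported address will not be in 127.0.0.0/8, which is the condition the
 * thread warns about. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 1 if the socket ended up on a 127.0.0.0/8 address, 0 if the kernel
 * substituted some other address, -1 if socket()/bind()/getsockname() failed.
 * If out is non-NULL, the address actually bound is written there as a
 * dotted quad (out should hold at least INET_ADDRSTRLEN bytes). */
int bind_loopback_and_verify(char *out, size_t outlen)
{
    struct sockaddr_in want, got;
    socklen_t len = sizeof(got);
    int fd, on_loopback;

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    memset(&want, 0, sizeof(want));
    want.sin_family = AF_INET;
    want.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* 127.0.0.1 */
    want.sin_port = htons(0);                      /* let the kernel pick a port */

    if (bind(fd, (struct sockaddr *)&want, sizeof(want)) < 0 ||
        getsockname(fd, (struct sockaddr *)&got, &len) < 0) {
        close(fd);
        return -1;
    }
    close(fd);

    if (out != NULL)
        inet_ntop(AF_INET, &got.sin_addr, out, (socklen_t)outlen);

    /* The loopback network is 127.0.0.0/8; IN_LOOPBACKNET is 127. */
    on_loopback = (ntohl(got.sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
    return on_loopback ? 1 : 0;
}

int main(void)
{
    char addr[INET_ADDRSTRLEN];
    int r = bind_loopback_and_verify(addr, sizeof(addr));

    if (r < 0) {
        perror("bind_loopback_and_verify");
        return 2;
    }
    printf("asked for 127.0.0.1, kernel bound %s: %s\n", addr,
           r ? "loopback, as expected" : "NOT loopback; refusing to serve");
    return r ? 0 : 1;
}
```

A daemon that must stay local would run this check (or the equivalent getsockname() comparison on its real listening socket) before accepting connections, so that a jail or any other address rewriting turns into a visible startup failure instead of an exposed control port.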