VIMAGE and OpenVPN idea...
Poul-Henning Kamp
phk at phk.freebsd.dk
Sun Sep 4 21:47:46 UTC 2011
Here is an idea for an interesting little project:

Imagine a firewall where all the external interfaces are
confined in a jail which has no IP-connectivity to the
rest of the machine.

Start OpenVPN outside the jail, have it set up a two-way pipe
and fork a child process, which attaches to the jail and performs
all public-side socket operations inside the jail, passing
only the raw encrypted packets over the pipe.

Tada: Nothing in the jail can be hacked...

Only problem is: OpenVPN doesn't know this trick.

But how hard could that be?

Somebody[tm] should do that...
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
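
The arrangement proposed in the message above, as an added sketch in C that is not part of the original post and not OpenVPN code: the parent creates the two-way pipe and forks, and the child attaches to the jail before it creates the public socket, then only copies opaque packets between the two. The names `relay`, `spawn_helper`, `make_pub` and `demo_*` are hypothetical, the public socket is assumed to be connected, and the attach uses FreeBSD's `jail_attach(2)`; with `jid < 0` the attach is skipped so the constructed round trip runs on any POSIX system.

```c
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <poll.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/jail.h>
#else
#define jail_attach(jid) (-1) /* no jails on this OS: a real attach always fails */
#endif
static void relay(int pipe_fd, int pub_fd) { /* copy opaque packets both ways */
    struct pollfd p[2] = {{pipe_fd, POLLIN, 0}, {pub_fd, POLLIN, 0}};
    char buf[2048];
    while (poll(p, 2, -1) > 0)
        for (int i = 0; i < 2; i++) {
            if (!p[i].revents) continue;
            ssize_t n = recv(p[i].fd, buf, sizeof buf, 0);
            if (n <= 0 || send(p[1 - i].fd, buf, (size_t)n, 0) != n) return;
        }
}
/* Hypothetical helper: fork the public-side child; jid < 0 skips the attach (demo only). */
static pid_t spawn_helper(int jid, int (*make_pub)(void), int *pipe_fd) {
    int sp[2], pub;
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sp) < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        close(sp[0]);
        if (jid >= 0 && jail_attach(jid) < 0) _exit(1); /* confine before any socket */
        if ((pub = make_pub()) < 0) _exit(1);           /* socket created after attach */
        relay(sp[1], pub); _exit(0);
    }
    close(sp[1]);
    if (pid < 0) { close(sp[0]); return -1; }
    *pipe_fd = sp[0]; return pid;
}
static int demo_pub[2]; /* constructed stand-in for the public socket */
static int demo_make_pub(void) { close(demo_pub[0]); return demo_pub[1]; }
int demo_roundtrip(void) { /* returns 0 when a packet crosses each way */
    char buf[64]; int pipe_fd, ok; pid_t pid;
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, demo_pub) < 0) return -1;
    if ((pid = spawn_helper(-1, demo_make_pub, &pipe_fd)) < 0) return -1;
    close(demo_pub[1]);
    send(pipe_fd, "pkt-out", 7, 0); send(demo_pub[0], "pkt-in", 6, 0);
    ok = recv(demo_pub[0], buf, sizeof buf, 0) == 7 && !memcmp(buf, "pkt-out", 7);
    ok = ok && recv(pipe_fd, buf, sizeof buf, 0) == 6 && !memcmp(buf, "pkt-in", 6);
    close(pipe_fd); close(demo_pub[0]); waitpid(pid, NULL, 0);
    return ok ? 0 : -1;
}
int main(void) { return demo_roundtrip() ? 1 : 0; }
```

A real helper would also drop root and close inherited descriptors right after the attach, and an unconnected UDP socket would need the peer address framed into each pipe message.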
More information about the freebsd-security
mailing list