bind() on 127.0.0.1 in jail: bound to the outside address?
From: Xin LI (delphij_at_frontfree.net)
Date: 02/28/05
Date: Tue, 1 Mar 2005 00:25:48 +0800
To: freebsd-arch@FreeBSD.org, freebsd-security@FreeBSD.org
Dear folks,
It seems that doing bind() inside a jail (whose IP address is an outside
address) will result in some weird behavior: the actual bind is
done on the outside address.
For example, binding to 127.0.0.1:6666 inside a jail addressed 192.168.1.1
will finally result in a bind to 192.168.1.1:6666. With this in mind,
it is possible that some formerly secure configurations fail in a jail
environment.
It seems that our implementation will forward every loopback connection
to the outside address. A simple hack to work around this issue might
be to modify the individual bind procedures to treat the prison case with
a loopback address, but I'm not sure if a true solution can solve the
issue with minimum code change and code complexity.
Your ideas are highly appreciated!
Cheers,
-- Xin LI <delphij frontfree net> http://www.delphij.net/ See complete headers for GPG key and other information.
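
An added example (not part of the original post, and not FreeBSD's own code): a C helper for a service that must stay loopback-only, which binds to 127.0.0.1 and then uses getsockname() to confirm the kernel kept that address, closing the socket if it was rewritten as the post describes. The names `bind_loopback_checked`, `is_loopback_v4` and the `BIND_*` codes are hypothetical; port 6666 is the one used in the post.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define BIND_ERR      (-1)  /* socket(), bind() or getsockname() failed */
#define BIND_REMAPPED (-2)  /* bound, but not inside 127.0.0.0/8 */

/* Return 1 if sa is an IPv4 address inside 127.0.0.0/8, else 0. */
int is_loopback_v4(const struct sockaddr_in *sa) {
    return sa->sin_family == AF_INET &&
           (ntohl(sa->sin_addr.s_addr) >> 24) == 127;
}

/* Bind a TCP socket to 127.0.0.1:port and verify what the kernel bound.
 * Returns the fd on success. On BIND_REMAPPED the socket is closed and
 * *actual holds the address the kernel chose instead. */
int bind_loopback_checked(uint16_t port, struct sockaddr_in *actual) {
    struct sockaddr_in want;
    socklen_t len = sizeof(*actual);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return BIND_ERR;
    memset(&want, 0, sizeof(want));
    want.sin_family = AF_INET;
    want.sin_port = htons(port);
    want.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    memset(actual, 0, sizeof(*actual));
    if (bind(fd, (struct sockaddr *)&want, sizeof(want)) < 0 ||
        getsockname(fd, (struct sockaddr *)actual, &len) < 0) {
        close(fd);
        return BIND_ERR;
    }
    if (!is_loopback_v4(actual)) {  /* e.g. the jail's 192.168.1.1 */
        close(fd);                  /* fail closed: never listen on it */
        return BIND_REMAPPED;
    }
    return fd;
}

int main(void) {
    struct sockaddr_in got;
    char ip[INET_ADDRSTRLEN] = "?";
    int fd = bind_loopback_checked(6666, &got);
    if (fd == BIND_REMAPPED && inet_ntop(AF_INET, &got.sin_addr, ip, sizeof(ip)))
        fprintf(stderr, "refusing to listen: 127.0.0.1 was bound as %s\n", ip);
    if (fd >= 0) close(fd);
    return fd >= 0 ? 0 : 1;
}
```
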