bind() on 127.0.0.1 in jail: bound to the outside address?
Dear folks,

It seems that doing bind() inside a jail (whose IP address is an outside
address) will result in some weird behavior: the actual bind is
done on the outside address.

For example, binding to 127.0.0.1:6666 inside a jail addressed 192.168.1.1
will finally result in a bind to 192.168.1.1:6666. With this in mind,
it is possible that some formerly secure configurations fail in a jail
environment.

It seems that our implementation will forward every loopback connection
to the outside address. A simple hack to work around this issue might
be to modify the individual bind procedures to treat the prison case with
a loopback address, but I'm not sure if a true solution can solve the
issue with minimum code change and code complexity.

Your ideas are highly appreciated!

Cheers,
-- 
Xin LI <delphij frontfree net> http://www.delphij.net/
See complete headers for GPG key and other information.
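
A way to observe the behaviour described in the message, added here as an example and not part of the original post: bind to a loopback address, then compare the requested address with what getsockname() reports for the socket. The function names and the result enum are made up for this example.

```c
/* Added example: detect a bind() whose local address was changed by the kernel. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum bind_result { BIND_AS_REQUESTED = 0, BIND_REMAPPED = 1, BIND_ERROR = -1 };

/* Compare the address we asked for with the one the kernel reports. */
enum bind_result compare_bound(const struct sockaddr_in *want,
                               const struct sockaddr_in *got)
{
    return want->sin_addr.s_addr == got->sin_addr.s_addr
               ? BIND_AS_REQUESTED : BIND_REMAPPED;
}

/* bind() a TCP socket to ip:port, then ask the kernel via getsockname()
 * where it really ended up. The reported address is written to actual_ip. */
enum bind_result check_bind(const char *ip, unsigned short port,
                            char *actual_ip, size_t len)
{
    struct sockaddr_in want, got;
    socklen_t glen = sizeof(got);
    enum bind_result r = BIND_ERROR;
    int s = socket(AF_INET, SOCK_STREAM, 0);

    if (s < 0)
        return BIND_ERROR;
    memset(&want, 0, sizeof(want));
    want.sin_family = AF_INET;
    want.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &want.sin_addr) == 1 &&
        bind(s, (struct sockaddr *)&want, sizeof(want)) == 0 &&
        getsockname(s, (struct sockaddr *)&got, &glen) == 0 &&
        inet_ntop(AF_INET, &got.sin_addr, actual_ip, (socklen_t)len) != NULL)
        r = compare_bound(&want, &got);
    close(s);
    return r;
}

int main(void)
{
    char actual[INET_ADDRSTRLEN] = "?";
    enum bind_result r = check_bind("127.0.0.1", 6666, actual, sizeof(actual));
    printf("asked for 127.0.0.1:6666, bound to %s (result %d)\n", actual, r);
    return r == BIND_AS_REQUESTED ? 0 : 1;
}
```

A non-zero exit status means the service is not listening where its configuration says it is, so any "loopback only" assumption should be backed by a packet filter rule.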