jails, cron and sendmail

Mike Meyer mwm-keyword-freebsdhackers2.e313df at mired.org
Mon Aug 28 13:38:54 UTC 2006


In <20060828150039.21e8bd4a at localhost>, Fabian Keil <freebsd-listen at fabiankeil.de> typed:
> Mike Meyer <mwm-keyword-freebsdhackers2.e313df at mired.org> wrote:
> 
> > In <44F1B7B7.9090701 at erdgeist.org>, Dirk Engling <erdgeist at erdgeist.org> typed:
> 
> > > > The default configuration doesn't expose sendmail to the publicly
> > > > visible IP addres. The daemon it runs only listens for connections to
> > > > the localhost address.
> > > Which is rewritten to the jails (externally visible) address on a connect()
> > Yup. I wasn't aware of that strange behavior of jails. That should be
> > fixed.
> Fixed how? Disallow jailed applications to connect to 127.0.0.1,
> and thus break most of them, or have them reach 127.0.0.1 on the
> host system and weaken the security? 
>
> > I think the better fix would be to make jails not expose their
> > localhost IP address to the outside world.
> Exactly.

Ok, I'm confused. Exactly how is fixing jails to not expose their
localhost IP address to the outside world not fixing this strange
behavior of jails?

	<mike
-- 
Mike Meyer <mwm at mired.org>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.


More information about the freebsd-hackers mailing list