jails, cron and sendmail
Mike Meyer
mwm-keyword-freebsdhackers2.e313df at mired.org
Mon Aug 28 13:38:54 UTC 2006
In <20060828150039.21e8bd4a at localhost>, Fabian Keil <freebsd-listen at fabiankeil.de> typed:
> Mike Meyer <mwm-keyword-freebsdhackers2.e313df at mired.org> wrote:
>
> > In <44F1B7B7.9090701 at erdgeist.org>, Dirk Engling <erdgeist at erdgeist.org> typed:
>
> > > > The default configuration doesn't expose sendmail to the publicly
> > > > visible IP addres. The daemon it runs only listens for connections to
> > > > the localhost address.
> > > Which is rewritten to the jails (externally visible) address on a connect()
> > Yup. I wasn't aware of that strange behavior of jails. That should be
> > fixed.
> Fixed how? Disallow jailed applications to connect to 127.0.0.1,
> and thus break most of them, or have them reach 127.0.0.1 on the
> host system and weaken the security?
>
> > I think the better fix would be to make jails not expose their
> > localhost IP address to the outside world.
> Exactly.
Ok, I'm confused. Exactly how is fixing jails to not expose their
localhost IP address to the outside world not fixing this strange
behavior of jails?
<mike
--
Mike Meyer <mwm at mired.org> http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
More information about the freebsd-hackers
mailing list