"Jacques A. Vidrine" wrote:
> On Mon, Aug 04, 2003 at 10:53:03AM -0700, Terry Lambert wrote:
> > You would either lose or overexpose root-restricted functionality,
> > such as flood-ping.
> 
> Eh?  Why?  pingd can know your credentials.

Through the credential passing?  I thought that wasn't reliable
for this type of thing.  Specifically, the jail would be in an
untrusted protection domain; if you just accepted the credential
blindly, then anyone could be root in the jail, and you could not
trust it.

If you didn't accept it blindly, then regular root loses existing
functionality.

I'm pretty sure that, at least the last time I looke at it, the
credential passing code didn't pass information about jail status.

Yeah, it's doable, but it's not as small amount of work as this
discussion so far has implied.  Mostly, certain capabilities are
going to end up lost.

BTW: the main reason for a pingd when dealing with jails isn't
about increased security, it's about routing the responses to the
appropriate sender.

The way Novell dealt with this in IPX was to define an internal
network interface that was routed from other internal network
interfaces: in effect, they added an internal router hop.

-- Terry
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to