In <[EMAIL PROTECTED]>, Fabian Keil <[EMAIL PROTECTED]> typed:
> Mike Meyer <[EMAIL PROTECTED]> wrote:
>
> > In <[EMAIL PROTECTED]>, Dirk Engling <[EMAIL PROTECTED]> typed:
>
> > > > The default configuration doesn't expose sendmail to the publicly
> > > > visible IP addres. The daemon it runs only listens for connections to
> > > > the localhost address.
> > > Which is rewritten to the jails (externally visible) address on a
> > > connect()
> > Yup. I wasn't aware of that strange behavior of jails. That should be
> > fixed.
> Fixed how? Disallow jailed applications to connect to 127.0.0.1,
> and thus break most of them, or have them reach 127.0.0.1 on the
> host system and weaken the security?
>
> > I think the better fix would be to make jails not expose their
> > localhost IP address to the outside world.
> Exactly.
Ok, I'm confused. Exactly how is fixing jails to not expose their
localhost IP address to the outside world not fixing this strange
behavior of jails?
<mike
--
Mike Meyer <[EMAIL PROTECTED]> http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
