
From: Sam Vilain (sam_at_vilain.net)
Date: Sun 15 Aug 2004 - 22:55:15 BST


Herbert Poetzl wrote:

>using 127.X.0.1 with X!=0 seems somewhat strange,
>what is the idea behind this? 'normal' vservers do
>not use lo device, because this is a security hole
>per definition ...

I thought that sharing the IP address 127.0.0.1 was the security hole,
and the only thing special about lo is that it is a dummy interface that
doesn't broadcast anywhere. The IP RFC specifies the whole of 127.* for
local host addresses (of course, glibc has an arguably broken #define of
INADDR_LOOPBACK = 127.0.0.1, so certain methods of opening a socket (e.g.,
ssh port forwarding) break).

Having said that, the times I've tried to set up vservers on the
loopback interface firewalling didn't work correctly (IIRC) so maybe it
is special in some weird and historic way.

Sam.
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
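
The address point discussed in this message, as an added example that is not part of the original post: on Linux every address in 127.0.0.0/8 is loopback, two listeners on different 127.X.0.1 addresses can hold the same port without seeing each other's connections, and a second listener on the same address and port is refused. The addresses 127.1.0.1 and 127.2.0.1 and the function names are made up for illustration; it assumes a Linux host whose lo interface carries the default 127.0.0.1/8.

```python
import ipaddress
import socket

GUEST_A = "127.1.0.1"   # made-up per-guest loopback addresses (assumption)
GUEST_B = "127.2.0.1"

def listener(addr, port=0):
    """Open a TCP listener bound to one specific address."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((addr, port))
    s.listen(1)
    return s

def loopback_separation():
    """Return what binding inside 127.0.0.0/8 looks like on this host."""
    out = {}
    out["all_loopback"] = all(
        ipaddress.ip_address(a).is_loopback
        for a in (GUEST_A, GUEST_B, "127.0.0.1"))
    # The libc constant names a single address out of the whole /8.
    out["inaddr_loopback"] = str(ipaddress.ip_address(socket.INADDR_LOOPBACK))

    a = listener(GUEST_A)
    port = a.getsockname()[1]
    b = listener(GUEST_B, port)      # same port, different address: accepted
    try:
        listener(GUEST_A, port).close()   # same address and port
        out["shared_addr_collides"] = False
    except OSError:                  # EADDRINUSE: the address is already taken
        out["shared_addr_collides"] = True

    # A connection aimed at guest B is delivered to B's listener only.
    client = socket.create_connection((GUEST_B, port), timeout=2)
    conn, _ = b.accept()
    a.setblocking(False)
    try:
        a.accept()[0].close()
        out["a_saw_connection"] = True
    except BlockingIOError:          # nothing is queued on A's listener
        out["a_saw_connection"] = False

    for s in (client, conn, a, b):
        s.close()
    return out

if __name__ == "__main__":
    print(loopback_separation())
```

This shows only address-level separation between bound sockets; it says nothing about how firewall rules on lo behave.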


Generated on Sun 15 Aug 2004 - 22:55:34 BST by hypermail 2.1.3