From owner-doc-jp-work@jp.FreeBSD.org Tue Mar 30 14:03:25 2004
Message-Id: <20040329.210310.131925209.hino@sv.nec-labs.com>
To: doc-jp-work@jp.FreeBSD.org
From: Koji Hino <hino@sv.nec-labs.com>
In-Reply-To: <20040330.011444.74744913.hrs@eos.ocn.ne.jp>
References: <200403291415.i2TEFQHF035994@freefall.freebsd.org>
	<20040330.011444.74744913.hrs@eos.ocn.ne.jp>
Organization: Silicon Valley Office, NEC Laboratories America, Inc.
X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp-work@jp.FreeBSD.org
Precedence: list
Date: Mon, 29 Mar 2004 21:03:10 -0800
X-Sequence: doc-jp-work 848
Subject: [doc-jp-work 848] Re: ANNOUNCE: [FreeBSD-Announce] FreeBSD
 Security Advisory FreeBSD-SA-04:06.ipv6
Sender: owner-doc-jp-work@jp.FreeBSD.org
X-Originator: hino@sv.nec-labs.com
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+040307

$BK]Lu!"$$$D$b$"$j$,$H$&$4$6$$$^$9!D(B

From: Hiroki Sato <hrs@eos.ocn.ne.jp>
 Date: Tue, 30 Mar 2004 01:14:44 +0900
:> This will restrict jailed processes to creating UNIX domain, IPv4, and
:> routing sockets, which are not vulnerable to this problem; note however
:> that processes inside a jail may still be able to inherit IPv6 sockets
:> from outside the jail, so this may not be sufficient for all systems.
:> 
:> $B$3$l$O!"(Bjail $B4D6-Fb$N%W%m%;%9$KBP$7$F!"(BUNIX $B%I%a%$%s%=%1%C%H!"(B
:> IPv4 $B%=%1%C%H!"%k!<%F%#%s%0%=%1%C%H0J30$N%=%1%C%H$N:n@.$r@)8B$7$^$9!#(B
:> $B$3$l$i(B 3 $B$D$N%=%1%C%H$K$O!":#2s$NLdBj$N1F6A$O$"$j$^$;$s!#$?$@$7!"(B
:> $B$3$N$h$&$K@_Dj$7$F$b(B jail $B4D6-$NFbIt$N%W%m%;%9$O(B jail $B4D6-$N(B
:> $B30It$K$"$k(B IPv6 $B%=%1%C%H$r7Q>5$9$k$3$H$,$G$-$k$?$a!"$9$Y$F$N%7%9%F%`$G(B

$B!V30It$K$"$k!W"*!V30It$+$i!W(B
$B$N$[$&$,$7$C$/$j$/$k$+$b!#(Bjain$B4D6-$KF~$kA0$K3+$$$F$$$?(Bsoket$B$r!"3+$$$?(B
$B$^$^$G(Bjail$B4D6-$K0\9T$7$?$i!"$=$N(Bsocket$B7PM3$G0-$5$,$G$-$A$c$&!"$H$$$&$3(B
$B$H$G$9$h$M!D(B

:> $B$3$NBP1~$,M-8z$G$"$k$o$1$G$O$J$$$3$H$KCm0U$7$F$/$@$5$$!#(B

$BF|Ln(B
