From owner-cvs-all Thu Jul 20 10:58:18 2000 Delivered-To: cvs-all@freebsd.org Received: from troutmask.apl.washington.edu (troutmask.apl.washington.edu [128.95.76.54]) by hub.freebsd.org (Postfix) with ESMTP id 8C74A37BAFA; Thu, 20 Jul 2000 10:58:06 -0700 (PDT) (envelope-from sgk@troutmask.apl.washington.edu) Received: (from sgk@localhost) by troutmask.apl.washington.edu (8.9.3/8.9.3) id KAA55765; Thu, 20 Jul 2000 10:58:34 -0700 (PDT) (envelope-from sgk) From: Steve Kargl Message-Id: <200007201758.KAA55765@troutmask.apl.washington.edu> Subject: Re: cvs commit: src/sys/i386/linux linux_dummy.c linux_misc.c In-Reply-To: <200007201738.LAA91857@harmony.village.org> from Warner Losh at "Jul 20, 2000 11:38:34 am" To: Warner Losh Date: Thu, 20 Jul 2000 10:58:34 -0700 (PDT) Cc: Marcel Moolenaar , Robert Watson , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, security-officer@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Warner Losh wrote: > : BTW: Making the Linuxulator secure is relatively easy if you only count > : Linux binaries that are developed for a real Linux system. It's much > : harder to make it secure for any Linux binaries that are designed to > : exploit bugs in the Linuxulator, right? > > No. Programs that attack bugs in the linuxulator need to be defended > against. Otherwise, we've just introduced a big, huge security hole > into FreeBSD which isn't acceptible. Lots of people run the > Linuxulator, so any attacks that one can launch on it will have a > large i mpact in our user base. > Can the linuxulator be encapsulated by a jail(2) environment? This would at least minimize the damage a rogue program to the jail. -- Steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message