From owner-freebsd-security Fri Sep 6 11:58:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D9EBD37B400 for ; Fri, 6 Sep 2002 11:58:14 -0700 (PDT) Received: from web12803.mail.yahoo.com (web12803.mail.yahoo.com [216.136.174.38]) by mx1.FreeBSD.org (Postfix) with SMTP id 9511F43E4A for ; Fri, 6 Sep 2002 11:58:14 -0700 (PDT) (envelope-from zaunere@yahoo.com) Message-ID: <20020906185814.71834.qmail@web12803.mail.yahoo.com> Received: from [128.122.155.151] by web12803.mail.yahoo.com via HTTP; Fri, 06 Sep 2002 11:58:14 PDT Date: Fri, 6 Sep 2002 11:58:14 -0700 (PDT) From: Hans Zaunere Subject: jail() House Rock To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm looking to provide jail()'d root access to clients (the virtual private server bit). I myself have been a client on several of these setups, and while some are better than others, I often find missing and broken features - and I've never even looked at it from a security standpoint. Aside from the commonly known man pages/handbooks/etc is there a definitve source for PROPERLY setting one of these systems up? Something that outlines what features mean decreased security? Something that outlines proper layout of these systems? Then I can judge exactly what and what not to offer. I already have a good handle on security of regular systems, so something specific to the jail()'d environment would be best, as I'm sure there are some gotchas and such. Thank you, Hans __________________________________________________ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message