From owner-freebsd-security  Wed May 17 13:50:57 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.com (gw.nectar.com [209.98.143.44])
	by hub.freebsd.org (Postfix) with ESMTP id 1EA6037BCD0
	for <freebsd-security@freebsd.org>; Wed, 17 May 2000 13:50:54 -0700 (PDT)
	(envelope-from nectar@nectar.com)
Received: from bone.nectar.com (bone.nectar.com [10.0.1.105])
	by gw.nectar.com (Postfix) with ESMTP
	id BB6AF9B10; Wed, 17 May 2000 15:50:49 -0500 (CDT)
Received: by bone.nectar.com (Postfix, from userid 1001)
	id 67BFC1DAB; Wed, 17 May 2000 15:50:49 -0500 (CDT)
Date: Wed, 17 May 2000 15:50:49 -0500
From: "Jacques A . Vidrine" <n@nectar.com>
To: Dan Harnett <danh@wzrd.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
Message-ID: <20000517155049.B48295@bone.nectar.com>
Mail-Followup-To: "Jacques A . Vidrine" <n@nectar.com>,
	Dan Harnett <danh@wzrd.com>, freebsd-security@freebsd.org
References: <20000517110758.C6884@bone.nectar.com> <Pine.NEB.3.96L.1000517123129.20229D-100000@fledge.watson.org> <20000517152621.A48218@bone.nectar.com> <20000517164519.A79630@mail.wzrd.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <20000517164519.A79630@mail.wzrd.com>; from danh@wzrd.com on Wed, May 17, 2000 at 04:45:19PM -0400
X-Url: http://www.nectar.com/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, May 17, 2000 at 04:45:19PM -0400, Dan Harnett wrote:
> Isn't there a downside to that as well?  Unless the files are read-only, if 
> one jail should get compromised any common shared files could actually lead to
> holes in the remaining jails.  An example being a modified sshd or telnetd.

The assumption is that the files _are_ read-only, or even better, schg.
-- 
Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org
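
An added example, not part of the original message or of FreeBSD: a small audit that walks a tree shared between jails and reports every file or directory that is still writable, or read-only by mode bits but without the schg flag. The function names and the sample tree are made up for illustration, and the check looks only at mode bits and file flags, not at read-only mounts.

```python
import os
import stat
import tempfile

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def classify(st):
    """Classify one lstat() result as 'schg', 'read-only' or 'writable'."""
    # st_flags exists only on platforms with BSD file flags; treat absence as 0.
    if getattr(st, "st_flags", 0) & stat.SF_IMMUTABLE:
        return "schg"  # system immutable flag set: mode bits no longer matter
    if st.st_mode & WRITE_BITS:
        return "writable"
    return "read-only"


def audit_shared_tree(root):
    """Map each path under root (relative to root) that is not schg to its state."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        # Directories count too: write access to a directory lets someone
        # replace a file inside it even when the file itself is read-only.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            state = classify(st)
            if state != "schg":
                report[os.path.relpath(path, root)] = state
    return report


if __name__ == "__main__":
    # Constructed sample tree standing in for a directory shared between jails.
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "sbin"))
    for name, mode in (("sshd", 0o555), ("telnetd", 0o755)):
        path = os.path.join(root, "sbin", name)
        open(path, "w").close()
        os.chmod(path, mode)
    for rel, state in sorted(audit_shared_tree(root).items()):
        print(f"{state:9} {rel}")
```

An empty report means every entry under the tree carries schg; anything listed as "writable" is the case the quoted question describes.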

