From owner-freebsd-security  Mon Nov 18 07:14:14 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id HAA20898
          for security-outgoing; Mon, 18 Nov 1996 07:14:14 -0800 (PST)
Received: from kdat.calpoly.edu (kdat.csc.calpoly.edu [129.65.54.101])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id HAA20884
          for <freebsd-security@freebsd.org>; Mon, 18 Nov 1996 07:14:05 -0800 (PST)
Received: (from nlawson@localhost) by kdat.calpoly.edu (8.6.12/N8) id HAA03689; Mon, 18 Nov 1996 07:10:45 -0800
From: Nathan Lawson <nlawson@kdat.csc.calpoly.edu>
Message-Id: <199611181510.HAA03689@kdat.calpoly.edu>
Subject: Re: grand alternatives to chroot, solution to the age-old root problem
To: dreamer@garrison.inetcan.net (Digital Dreamer)
Date: Mon, 18 Nov 1996 07:10:44 -0800 (PST)
In-Reply-To: <Pine.LNX.3.91.961117152955.1880A-100000@garrison.inetcan.net> from "Digital Dreamer" at Nov 17, 96 03:31:15 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> On Sun, 17 Nov 1996, az.com wrote:
> 
> > No longer do you have to worry about whether they have root or not - in
> > fact each user gets to be root! (in their own machine, of course ;) ) If
> > they want to hack, get fancy, reboot, etc. - its up to them - its *their*
> > system, not yours. 
> > 
> > If they blow out the virtual OS space because they gave their password out
> > to a grommet or made a mistake, you simply run a utility which checks and
> > repairs virtual file system's partitions and refreshes the virtual
> > 'environment's' OS from a template. 
> 
> Sounds nice, but kind of impractical.  There's no unice (AFAIK) whose 
> kernel could do this without essentially being rewritten.  Besides, 
> there's still the possibility of kernel bugs that would let you break out 
> of your vm and get into that of others.

Back when I first started using UNIX, the school had an IBM 3090 running VM.
It has virtual machines and ran AIX, CMS, and several other OS's.  All were
separate from each other and seemed to run fine, albeit a bit slowly (they
were trying to spool all the school's news through it  :)

Various trusted OS's use the VM concept.

-- 
Nate Lawson                  "There are a thousand hacking at the branches of
CPE Senior                    evil to one who is striking at the root."
CSL Admin                              -- Henry David Thoreau, 'Walden', 1854