From owner-freebsd-questions@FreeBSD.ORG Fri Nov 16 06:57:34 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E7C116A418 for ; Fri, 16 Nov 2007 06:57:34 +0000 (UTC) (envelope-from freebsd@meijome.net) Received: from sigma.octantis.com.au (ns2.octantis.com.au [207.44.189.124]) by mx1.freebsd.org (Postfix) with ESMTP id 23AF613C4C5 for ; Fri, 16 Nov 2007 06:57:33 +0000 (UTC) (envelope-from freebsd@meijome.net) Received: (qmail 18243 invoked from network); 16 Nov 2007 00:57:26 -0600 Received: from 124-170-94-7.dyn.iinet.net.au (HELO localhost) (124.170.94.7) by sigma.octantis.com.au with (DHE-RSA-AES256-SHA encrypted) SMTP; 16 Nov 2007 00:57:25 -0600 Date: Fri, 16 Nov 2007 17:57:19 +1100 From: Norberto Meijome To: Erik Cederstrand Message-ID: <20071116175719.67457ce4@meijome.net> In-Reply-To: <473B3C56.5020103@cederstrand.dk> References: <3eca10930711140740gb8c2b88v6a13795c41e3eafb@mail.gmail.com> <473B3C56.5020103@cederstrand.dk> X-Mailer: Claws Mail 3.0.2 (GTK+ 2.12.1; i386-portbld-freebsd7.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: Matt Fioravante , freebsd-questions@freebsd.org Subject: Re: Jails and multicore boxes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Nov 2007 06:57:34 -0000 On Wed, 14 Nov 2007 19:20:06 +0100 Erik Cederstrand wrote: > You'll have to answer that yourself. How valuable is your data? What are > you trying to protect? If you're worrying about getting cracked and used > as a spam bot, jails are no more secure than a non-jail system. Maybe some qualification is needed here. If your mail jail gets broken into, then it will still be used as a spambot. But your host (the machine in which your jails run in) wouldn't have been compromised, necessarily, by the fact that the jail got compromised. Having root on a jail (if that's what we are talking about by 'compromised' ) shouldn't affect your host machine. Unless there is some other vulnerability that can be used, of course. B _________________________ {Beto|Norberto|Numard} Meijome "The more I see the less I know for sure." John Lennon I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.