From: Federico Lorenzi
To: Norberto Meijome
Date: Fri, 16 Nov 2007 07:27:15 +0000
Cc: Matt Fioravante, Erik Cederstrand, freebsd-questions@freebsd.org
Subject: Re: Jails and multicore boxes

On Nov 16, 2007 6:57 AM, Norberto Meijome wrote:
> On Wed, 14 Nov 2007 19:20:06 +0100
> Erik Cederstrand wrote:
>
> > You'll have to answer that yourself. How valuable is your data? What are
> > you trying to protect? If you're worrying about getting cracked and used
> > as a spam bot, jails are no more secure than a non-jail system.
>
> Maybe some qualification is needed here.
>
> If your mail jail gets broken into, then it will still be used as a spambot.
>
> But your host (the machine in which your jails run) wouldn't have been
> compromised, necessarily, by the fact that the jail got compromised. Having
> root on a jail (if that's what we are talking about by 'compromised')
> shouldn't affect your host machine. Unless there is some other vulnerability
> that can be used, of course.

That's true indeed; however, many people are saying that jails do not
necessarily make an environment more secure. I'm not really knowledgeable in
that area, but they do add another layer to the proverbial onion. I use jails,
but more for convenience than security: if I get a new (home) server box, I can
just move some jails across with a simple tar and then scp, and have them work
pretty much instantly.

Cheers
Federico