From: Poul-Henning Kamp
To: Geoffrey Robinson
Cc: security@FreeBSD.ORG
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
In-reply-to: Your message of "Mon, 15 May 2000 12:53:42 EDT."
Date: Mon, 15 May 2000 19:17:35 +0200
Message-ID: <6177.958411055@critter.freebsd.dk>

>I have set up a test jail on my workstation with good results. The first
>problem I have found is that I can't access the jailed IP at all from the
>host system, nor the host system from the jailed one. However both host
>and jailed IPs are accessible to other machines on the network. Is this
>intentional?

Sounds like some kind of configuration error on your end. It works
fine for me. In general it is best to add the IP aliases to the
lo0 interface.

>Finally how secure is jail really?

I don't know of any way to escape. There are a few known things
where someone in a jail can make a nuisance of themselves, but not
a way for them to break out.

>Is jail still under active development?

I would call it "under normal maintenance", there are no planned
new features on the way.

>Is it worth the trouble to do any of this?

Now how would *I* know? :-)

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.