Date: Sun, 17 Nov 1996 13:56:56 -0800 (PST)
From: "az.com" <yankee@lucy.az.com>
To: freebsd-security@FreeBSD.ORG
Subject: grand alternatives to chroot, solution to the age-old root problem
Message-ID: <Pine.BSF.3.91.961117133249.19647K-100000@lucy.az.com>
In-Reply-To: <199611040327.TAA10276@salsa.gv.ssi1.com>

Has anyone considered enabling 'virtual-machines' on UNIX? Why not dedicate a physical machine to this purpose and firewall it off from the rest by making each virtual machine appear to be gateway'd via a point-point connection to the main subnet.

Each user telnets into a unix logical "machine" with a distinct IP address of their own. The 'mother' kernel above provides a socket to the IP world disallowing sniffing and also provides a bandwidth usage auditor and choke. (It looks like a completely separate box with its own init, etc.)

Each user gets complete control in their own machine with access to their web server, programs, etc. No longer do you have to worry about whether they have root or not - in fact each user gets to be root! (in their own machine, of course ;) )

If they want to hack, get fancy, reboot, etc. - it's up to them - it's *their* system, not yours. If they blow out the virtual OS space because they gave their password out to a grommet or made a mistake, you simply run a utility which checks and repairs the virtual file system's partitions and refreshes the virtual 'environment's' OS from a template.

Dan