Date: Tue, 5 Aug 2003 06:50:18 -0700 (PDT)
From: Yar Tikhiy <yar@FreeBSD.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/55163: [patch] hide kld system details from jails
Message-ID: <200308051350.h75DoIFc013893@freefall.freebsd.org>

The following reply was made to PR kern/55163; it has been noted by GNATS.

From: Yar Tikhiy <yar@FreeBSD.org>
To: Dmitry Morozovsky <marck@rinet.ru>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: kern/55163: [patch] hide kld system details from jails
Date: Tue, 5 Aug 2003 17:44:32 +0400

On Mon, Aug 04, 2003 at 12:26:23PM +0400, Dmitry Morozovsky wrote:
>
> Well, security thru obscurity is not the best technique ;-)
> However, it seems that revealing too much info about host system for jail user,
> or even for jail admin, is not always the best. We plan to use it together with
> Pawel Jakub Dawidek's jailfsstat kernel module.
>
> This code path is rare, so no performance problem I think. Any objections?

The only objection I can see is that a generalized framework for
restricting system interfaces within a jail should be developed
instead of sticking in "if (foo_allowed)" everywhere.

--
Yar