Date: Thu, 23 Aug 2001 06:46:40 -0700 From: "Shannon Johnson" <shannon@needhams.com> To: "Alexey Zakirov" <frank@agava.com> Cc: <freebsd-security@freebsd.org> Subject: Re: jail & security Message-ID: <00b001c12bda$09996fc0$3303a8c0@needhams.com> References: <Pine.BSF.4.32.0108231715470.46875-100000@hellbell.domain>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, 23 Aug 2001, Alexey Zakirov wrote: > > > > no chances. It's a very pain jail feature (weakness). :( > > > > I actually disagree. It it possible to limit a users resources within a > > sorry, I have to repeat "no chances". > You CAN'T limit whole jail limits. If I had the superuser priviliges in > your jail(2) I'd trash your system. You can set users limits but you can't > resist against root compromise as ASPLinux and UML linux do. Alexey, correct me if I am wrong, but Igor was asking if it was possible to limit "resources allocated by each VM (jail)." I simply addressed it on this issue and not on "root compromise." That is why I refered him to login classes. By the way, it is nice to know that you would trash my system if given root access within the jail. However, there are ways to prevent people like yourself from destroying a system (e.g. read only file system, setting the system immutable flag, etc.) Remind me to never give you a shell account. --- Shannon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00b001c12bda$09996fc0$3303a8c0>