From owner-freebsd-questions@freebsd.org Wed Sep 2 21:41:04 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D73E59C84E9 for ; Wed, 2 Sep 2015 21:41:04 +0000 (UTC) (envelope-from amvandemore@gmail.com) Received: from mail-wi0-x22f.google.com (mail-wi0-x22f.google.com [IPv6:2a00:1450:400c:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7067BBFE for ; Wed, 2 Sep 2015 21:41:04 +0000 (UTC) (envelope-from amvandemore@gmail.com) Received: by wicge5 with SMTP id ge5so54579352wic.0 for ; Wed, 02 Sep 2015 14:41:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=lTeUeZJDW4Y1YtqtxRuV4EGz5mdxWcr4VyKoTnU/qcc=; b=dF0KApmp2ZUVw1tvNf8xP50K+V+eZZxFlXkuuTJGc1ecLQX6+rFcgbiSYIOUrx8xc1 4MbYStHcKzv3qPm+NQd8JKG92IQ0Wzpl8NDl1WXJ9zLIYRysS94KjjPwSE6Jwe2elc+M CSorEwibNUHPvHt1ewAftNIAH9e1EohRtRLsNTpSIM4JYNvACJZAatK0Qvn2lWtVTMt2 QPxy0WP4tjX+sbtEMTlhi61NMtMy/X7Jd49gFXATdbNXoW1XydQxVEVHEyr/NVYCUTeB lQip32Me9DflKPyVcQ4SISu3yi/DjseRPpkW51EQLNY0h6+X8u7lgp+G1grA/ZMk2E2b g9cQ== MIME-Version: 1.0 X-Received: by 10.180.105.74 with SMTP id gk10mr7259469wib.92.1441230062822; Wed, 02 Sep 2015 14:41:02 -0700 (PDT) Received: by 10.194.67.5 with HTTP; Wed, 2 Sep 2015 14:41:02 -0700 (PDT) In-Reply-To: <55E7526D.5040101@kulturflatrate.net> References: <55E6E26A.1040706@kulturflatrate.net> <55E704D4.2050607@kulturflatrate.net> <55E7526D.5040101@kulturflatrate.net> Date: Wed, 2 Sep 2015 16:41:02 -0500 Message-ID: Subject: Re: Jail causes host to reboot From: Adam Vande More To: Niklaas Baudet von Gersdorff Cc: FreeBSD Questions Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Sep 2015 21:41:05 -0000 On Wed, Sep 2, 2015 at 2:47 PM, Niklaas Baudet von Gersdorff < niklaas@kulturflatrate.net> wrote: > On 02/09/15 17:11, Adam Vande More wrote: > > > Yes, depending on configuration. It's trivial to make a jail insecure. > > The trick is to make a jail secure and fully functional for your needs. > > Can you recommend resources that further explicates how to secure jails? > I am very interested in this but lack "ideas" on how to attack a system > so that I could make it more secure. I'd be happy about any internet > resource, book or article. > The best resource I can think is the FreeBSD bugzilla which contains the jail security advisories and related fixes. -- Adam