From owner-freebsd-security  Thu Aug 23 11:40:12 2001
Delivered-To: freebsd-security@freebsd.org
Received: from relay2.agava.net.ru (2.oivt.mipt.ru [193.125.142.2])
	by hub.freebsd.org (Postfix) with ESMTP id 80E3337B403
	for <freebsd-security@freebsd.org>; Thu, 23 Aug 2001 11:39:50 -0700 (PDT)
	(envelope-from frank@agava.com)
Received: from gw.office.agava.ru (2.oivt.mipt.ru [193.125.142.2])
	by relay2.agava.net.ru (Postfix) with ESMTP
	id 083EC43459; Thu, 23 Aug 2001 22:39:49 +0400 (MSD)
Received: from hellbell.domain (hellbell.domain [192.168.1.12])
	by gw.office.agava.ru (Postfix) with ESMTP
	id 1192060D3; Thu, 23 Aug 2001 22:39:48 +0400 (MSD)
Received: from localhost (localhost [127.0.0.1])
	by hellbell.domain (Postfix) with ESMTP
	id CBF5DCCEF; Thu, 23 Aug 2001 22:39:47 +0400 (MSD)
Date: Thu, 23 Aug 2001 22:39:47 +0400 (MSD)
From: Alexey Zakirov <frank@agava.com>
X-X-Sender:  <frank@hellbell.domain>
To: Shannon Johnson <shannon@needhams.com>
Cc: <freebsd-security@freebsd.org>
Subject: Re: jail & security
In-Reply-To: <00b001c12bda$09996fc0$3303a8c0@needhams.com>
Message-ID: <Pine.BSF.4.32.0108232227020.47648-100000@hellbell.domain>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> Alexey, correct me if I am wrong, but Igor was asking if it was possible to

> limit "resources allocated by  each VM (jail)." I simply addressed it on
> this issue and not on "root compromise." That is why I refered him to login
> classes.
>
> By the way, it is nice to know that you would trash my system if given root
> access within the jail. However, there are ways to prevent people like
> yourself from destroying a system (e.g. read only file system, setting the
> system immutable flag, etc.)

jail(2) is GREAT feature. I'm thank PHK for did it. It's really pretend to
be a great security help in the unixos.

> Remind me to never give you a shell account.

It IS a problem. Shell is not a problem, but there is the PR/18209.
If you want a shell account: http://register.h1.ru/index.shtml

*** WBR, Alexey Zakirov (frank@agava.com)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message