From owner-freebsd-security  Thu Aug 23 11:44:30 2001
Delivered-To: freebsd-security@freebsd.org
Received: from hq1.tyfon.net (hq1.tyfon.net [217.27.162.35])
	by hub.freebsd.org (Postfix) with ESMTP id 45A3737B40C
	for <freebsd-security@freebsd.org>; Thu, 23 Aug 2001 11:44:16 -0700 (PDT)
	(envelope-from dl@tyfon.net)
Received: from localhost (localhost [127.0.0.1])
	by hq1.tyfon.net (Postfix) with ESMTP
	id 67E0F1C5C4; Thu, 23 Aug 2001 20:44:14 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by hq1.tyfon.net (Postfix) with ESMTP
	id 5A95C1C5C1; Thu, 23 Aug 2001 20:44:13 +0200 (CEST)
Date: Thu, 23 Aug 2001 20:44:13 +0200 (CEST)
From: Dan Larsson <dl@tyfon.net>
To: Alexey Zakirov <frank@agava.com>
Cc: Shannon Johnson <shannon@needhams.com>,
	<freebsd-security@freebsd.org>
Subject: Re: jail & security
In-Reply-To: <Pine.BSF.4.32.0108232227020.47648-100000@hellbell.domain>
Message-ID: <20010823204332.K95564-100000@hq1.tyfon.net>
Organization: Tyfon Svenska AB
X-NCC-NIC: DL1999-RIPE
X-NCC-RegID: se.tyfon
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by hq1.tyfon.net
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, 23 Aug 2001, Alexey Zakirov wrote:

| > Alexey, correct me if I am wrong, but Igor was asking if it was possible to
|
| > limit "resources allocated by  each VM (jail)." I simply addressed it on
| > this issue and not on "root compromise." That is why I refered him to login
| > classes.
| >
| > By the way, it is nice to know that you would trash my system if given root
| > access within the jail. However, there are ways to prevent people like
| > yourself from destroying a system (e.g. read only file system, setting the
| > system immutable flag, etc.)
|
| jail(2) is GREAT feature. I'm thank PHK for did it. It's really pretend to
| be a great security help in the unixos.
|
| > Remind me to never give you a shell account.
|
| It IS a problem. Shell is not a problem, but there is the PR/18209.
| If you want a shell account: http://register.h1.ru/index.shtml

Perhaps this is worth looking at

  http://sektor7.ath.cx:8080/openroot/index.php


Regards
+------
Dan Larsson  -+- Tyfon Svenska AB -+-  DL1999-RIPE
2AA5 90AE 5185 5924 1E0B  1A99 EC8A EA84 406B 06B9


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message