From owner-freebsd-security  Thu Oct  5  5:25:19 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.doosys.com (smtp.doosys.com [195.64.50.136])
	by hub.freebsd.org (Postfix) with ESMTP id 7E7F537B66D
	for <freebsd-security@freebsd.org>; Thu,  5 Oct 2000 05:25:15 -0700 (PDT)
Received: from smtp.intra.doosys.com (IDENT:itcsrv-doosys@smtp.intra.doosys.com. [10.10.10.12])
	by smtp.doosys.com (8.9.3/8.9.3) with ESMTP id OAA90724;
	Thu, 5 Oct 2000 14:17:17 +0200 (CEST)
	(envelope-from Bart_van_Leeuwen@doosys.com)
From: Bart_van_Leeuwen@doosys.com
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
To: "Jacques A. Vidrine" <n@nectar.com>
Cc: freebsd-security@freebsd.org
X-Mailer: Lotus Notes Release 5.0.4  June 8, 2000
Message-ID: <OFB0C2480F.3416AB2D-ONC125696F.00437311@intra.doosys.com>
Date: Thu, 5 Oct 2000 14:25:11 +0200
X-MIMETrack: Serialize by Router on ITCSRV/DOOSYS(Release 5.0.4a |July 24, 2000) at 10/05/2000
 02:25:11 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Creating a single jail for a group of interactive users is quite practical.
Creating a seperate jail for each individual interactive user can become
inpractical for example due to disk space requirements and the
complexibility of the evironment for the administrator.
One key element in creating a secure environment is being able to get a
decent level of insight in what is going on in the environment.
Once tools for administrating jails are better developed this picture might
change a bit.

Bart van Leeuwen.

mailto:Bart_van_Leeuwen@doosys.com
http://www.doosys.com/

mailto:bart@ixori.demon.nl
http://www.ixori.demon.nl/




                                                                                                                         
                    "Jacques A. Vidrine"                                                                                 
                    <n@nectar.com>                  To:     cjclark@alum.mit.edu                                         
                    Sent by:                        cc:     freebsd-security@FreeBSD.ORG                                 
                    owner-freebsd-security@F        Subject:     Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL 
                    reeBSD.ORG                                                                                           
                                                                                                                         
                                                                                                                         
                    05-10-2000 13:56                                                                                     
                                                                                                                         
                                                                                                                         



On Wed, Oct 04, 2000 at 11:43:25PM -0700, Crist J . Clark wrote:
> But anyway, jail(8) is a very different beast from the patches. It is
> not practical to put each interactive user in a jail for, say, a
> several dozen or several hundered user system.

And why is that?
--
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message






To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message