Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 3 Mar 2005 18:14:56 -0500
From:      Anish Mistry <mistry.7@osu.edu>
To:        Ean Kingston <ean@hedron.org>
Cc:        Chris Hodgins <chodgins@cis.strath.ac.uk>
Subject:   Re: Sharing directories with jails
Message-ID:  <200503031815.04158.mistry.7@osu.edu>
In-Reply-To: <4011.216.220.59.169.1109888589.squirrel@216.220.59.169>
References:  <4227164D.3050103@cis.strath.ac.uk> <200503031316.56083.mistry.7@osu.edu> <4011.216.220.59.169.1109888589.squirrel@216.220.59.169>

next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart10079835.7YT7haUBNq
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Thursday 03 March 2005 05:23 pm, Ean Kingston wrote:
> > On Thursday 03 March 2005 12:42 pm, Chris Hodgins wrote:
>
> [cut original question and answer]
>
> >> Ok perhaps I should clarify what my intentions are a little
> >> more. I am planning on providing a FreeBSD jail for any member
> >> of a geek society I am a member of.  When I say they are
> >> untrusted, I mean that I won't be giving them full root access
> >> to my server but I trust them enough not to do anything
> >> malicious inside a jail.  It is just like a fun place they can
> >> play and not have to worry to much about breaking things.
> >>
> >> How easy is it exactly to break out of a jail if you have access
> >> to development tools?
> >
> > http://www.securiteam.com/unixfocus/5WP031535U.html
>
> How current is this? The article appears to be dated 2001. Are
> there still buffer-overflow issues with /proc?
>

5.3 and later no longer need proc and it's not mounted by default.

> > If you use securelevels you can a sigificantly improve security.

=2D-=20
Anish Mistry

--nextPart10079835.7YT7haUBNq
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQBCJ5p4xqA5ziudZT0RAnQKAJwMVpV0p9W45gk2aGHhZ789Fg+w3ACcCQ+y
xMS7duMm1LokEohKvMxHKmU=
=l/1q
-----END PGP SIGNATURE-----

--nextPart10079835.7YT7haUBNq--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503031815.04158.mistry.7>