Date: Thu, 3 Mar 2005 17:23:09 -0500 (EST) From: "Ean Kingston" <ean@hedron.org> To: "Anish Mistry" <mistry.7@osu.edu> Cc: Chris Hodgins <chodgins@cis.strath.ac.uk> Subject: Re: Sharing directories with jails Message-ID: <4011.216.220.59.169.1109888589.squirrel@216.220.59.169> In-Reply-To: <200503031316.56083.mistry.7@osu.edu> References: <4227164D.3050103@cis.strath.ac.uk> <2939.216.220.59.169.1109865872.squirrel@216.220.59.169> <42274C9D.4000107@cis.strath.ac.uk> <200503031316.56083.mistry.7@osu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Thursday 03 March 2005 12:42 pm, Chris Hodgins wrote: [cut original question and answer] >> Ok perhaps I should clarify what my intentions are a little more. >> I am planning on providing a FreeBSD jail for any member of a geek >> society I am a member of. When I say they are untrusted, I mean >> that I won't be giving them full root access to my server but I >> trust them enough not to do anything malicious inside a jail. It >> is just like a fun place they can play and not have to worry to >> much about breaking things. >> >> How easy is it exactly to break out of a jail if you have access to >> development tools? >> > > http://www.securiteam.com/unixfocus/5WP031535U.html How current is this? The article appears to be dated 2001. Are there still buffer-overflow issues with /proc? > > If you use securelevels you can a sigificantly improve security. > -- Ean Kingston E-Mail: ean_AT_hedron_DOT_org PGP KeyID: 1024D/CBC5D6BB URL: http://www.hedron.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4011.216.220.59.169.1109888589.squirrel>