List: freebsd-hackers
Subject: Re: Idea about 'skeleton jail
From: Pawel Malachowski <pawmal-posting () freebsd ! lublin ! pl>
Date: 2005-01-31 19:39:35
Message-ID: 20050131193935.GA34986 () shellma ! zin ! lublin ! pl
On Mon, Jan 31, 2005 at 01:29:24PM -0600, security@revolutionsp.com wrote:
> Very nice idea!! This greatly improves jail management on FreeBSD. There
> is a possibility for a minor drawback -- if one can change a system binary
> in the host system, then all jails are compromised -- but assuming one
> would need root access on the host to change the binary, he would have
> power to change any jail anyway, so this is rather redundant.
>
> Great feature here, when can we see this added to the system?
BTW, people have been using setups like this for years.
> >> I have already done some experiments. Basically we want the following
> >> directories to be mount_null'ed:
> >> /bin, /sbin, /lib, /libexec, /usr/bin, /usr/sbin, /usr/include,
> >> /usr/lib, /usr/libdata, /usr/libexec, /usr/sbin, /usr/share
--
Paweł Małachowski
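
Added example, not part of the message or of any FreeBSD tool: a POSIX sh sketch that turns the directory list quoted above into fstab(5) lines for one jail and audits an fstab for shared mounts that are not read-only. Assumptions: the `nullfs` fstab type with the `ro` option stands in for the `mount_null` the message mentions, and the jail root `/jails/www` and both function names are hypothetical.

```shell
#!/bin/sh
# Added example: build and audit read-only nullfs fstab entries for a jail.
# Directory list copied from the quoted message (it names /usr/sbin twice).
SKEL_DIRS="/bin /sbin /lib /libexec /usr/bin /usr/sbin /usr/include
/usr/lib /usr/libdata /usr/libexec /usr/sbin /usr/share"

# skeleton_fstab JAILROOT: print one fstab(5) line per shared directory.
# Assumption: shared directories are mounted read-only, so a process inside
# one jail cannot modify binaries that the host and other jails also run.
skeleton_fstab() {
    jailroot=${1%/}
    case $jailroot in
        /*) ;;
        *) echo "jail root must be an absolute path below /" >&2; return 1 ;;
    esac
    seen=" "
    for d in $SKEL_DIRS; do
        case $seen in *" $d "*) continue ;; esac   # skip duplicates
        seen="$seen$d "
        printf '%s\t%s\tnullfs\tro\t0\t0\n' "$d" "$jailroot$d"
    done
}

# audit_fstab: read fstab text on stdin, print the mount point of every
# nullfs entry whose option list lacks "ro"; return non-zero if any is found.
audit_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        $3 == "nullfs" {
            n = split($4, opts, ","); ro = 0
            for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
            if (!ro) { print $2; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Stand-alone use with a hypothetical jail root:
#   skeleton_fstab /jails/www | audit_fstab && echo "all shared mounts are ro"
```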