Strategic Thinking (was: Re: Speculative: Rust for base system components)

[Poul-Henning Kamp]

--------
In message <alpine.BSF.2.20.1901062128280.66665 at puchar.net>, Wojciech Puchar writes:

>and this was wrong. under unix system it could just run in separate user 
>accounts.
>
>The latter virtualization or jails is just wrong attempt to solve a 
>problem that was created. Instead of simply doing it right.

Ok, that is my que...

Jails have one important property which as far as I know is unique to
all other virtualizations:  You can reach into the jail, unseen.

That means that if your jail has been compromised, you can study
the running processes while they run, without entering the jail
through any mechanism the attacker controls. (trojaned sshd(8) and
so forth.)

I have a mailbox full of anecdotes about how people have been having
fun with attackers in jails that way:  Moving files around, changing
modes on files, killing processes, and the winner so far: swapping
emacs(1) and vi(1) randomly.

As far as I know, that is a uniqu security feature of jais?

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.