Jails and multicore boxes
Erik Cederstrand
erik at cederstrand.dk
Wed Nov 14 10:26:03 PST 2007
Matt Fioravante wrote:
> I've heard that things like freebsd jails or solaris zones can still
> be insecure on multicore boxes because a race condition can occur. I
> don't know more details about it other than that. Is this true now on
> freebsd?
There's always the possibility that a bug exists which lets you break
out of a jail and gives you access to the host system.
> Also, I have a home server which I'm considering running apache, bind,
> dhcp, and possibly opening ports for some other services. Is it
> overkill to run all of these each in their own jail?
You'll have to answer that yourself. How valuable is your data? What are
you trying to protect? If you're worrying about getting cracked and used
as a spam bot, jails are no more secure than a non-jail system.
Erik