Jails and multicore boxes
Federico Lorenzi
florenzi at gmail.com
Thu Nov 15 23:27:16 PST 2007
On Nov 16, 2007 6:57 AM, Norberto Meijome <freebsd at meijome.net> wrote:
> On Wed, 14 Nov 2007 19:20:06 +0100
> Erik Cederstrand <erik at cederstrand.dk> wrote:
>
> > You'll have to answer that yourself. How valuable is your data? What are
> > you trying to protect? If you're worrying about getting cracked and used
> > as a spam bot, jails are no more secure than a non-jail system.
>
> Maybe some qualification is needed here.
>
> If your mail jail gets broken into, then it will still be used as a spambot.
>
> But your host (the machine in which your jails run in) wouldn't have been compromised, necessarily, by the fact that the jail got compromised. Having root on a jail > (if that's what we are talking about by 'compromised' ) shouldn't affect your host machine. Unless there is some other vulnerability that can be used, of course.
Thats true indeed, however many people are saying that jails do not necessarily,
make an environment more secure. I'm not really knowledable in that area,
but they do add another layer to the proverbial onion. I use jails, but more
for convenience then security, if i get a new (home) server box, I can just
move some jails across with a simple tar and then scp, and have them
work pretty much instantly.
Cheers
Federico
More information about the freebsd-questions
mailing list