From owner-freebsd-questions@FreeBSD.ORG  Tue Jul  1 21:38:17 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id CE679CC3
 for <freebsd-questions@freebsd.org>; Tue,  1 Jul 2014 21:38:17 +0000 (UTC)
Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9104F217A
 for <freebsd-questions@freebsd.org>; Tue,  1 Jul 2014 21:38:17 +0000 (UTC)
Received: from r56.edvax.de (port-92-195-69-249.dynamic.qsc.de [92.195.69.249])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx02.qsc.de (Postfix) with ESMTPS id 0251C2B8A5;
 Tue,  1 Jul 2014 23:38:08 +0200 (CEST)
Received: from r56.edvax.de (localhost [127.0.0.1])
 by r56.edvax.de (8.14.5/8.14.5) with SMTP id s61Lc8iV002138;
 Tue, 1 Jul 2014 23:38:08 +0200 (CEST)
 (envelope-from freebsd@edvax.de)
Date: Tue, 1 Jul 2014 23:38:08 +0200
From: Polytropon <freebsd@edvax.de>
To: Sergei G <sergeig.public@gmail.com>
Subject: Re: Is article on freebsd jails having backdoor true?
Message-Id: <20140701233808.8193b2a3.freebsd@edvax.de>
In-Reply-To: <CAFLLzCP=igQF4o6aYL0LdxBJ-bK3F5soT9z-cRO1n1iG2CBYHQ@mail.gmail.com>
References: <CAFLLzCP=igQF4o6aYL0LdxBJ-bK3F5soT9z-cRO1n1iG2CBYHQ@mail.gmail.com>
Reply-To: Polytropon <freebsd@edvax.de>
Organization: EDVAX
X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Jul 2014 21:38:17 -0000

On Tue, 1 Jul 2014 13:42:17 -0700, Sergei G wrote:
> freebsd-jails-are-a-huge-security-danger
> <http://aboutthebsds.wordpress.com/2013/01/13/freebsd-jails-are-a-huge-security-danger/>
> 
> Does FreeBSD 10 still have this backdoor?

If I may ask, _which_ backdoor? I tried to read the full
article (which is hard because the language quality is
low, which I am saying with the fact in mind that English
is not my native language), but I didn't find detailed
information about what kind of backdoor is meant.

An Apache security problem is mentioned. Details here:

https://blogs.apache.org/infra/entry/apache_org_04_09_2010

There is no mentioning of jail, ony one of FreeBSD. The
attack was XSS and finally got the attacker administrator
login credentials to one of their functional subsystems.
A jail backdoor is not mentioned, as far as I can tell.



> Do jails put too much overhead, more than virtualization?

I don't think so. From my limited and individual experience,
FreeBSD Jails usually work better than typical "full-featured"
virtualization solutions (which require more resources). In
case this is really a concern to you, do some testing, because
the answer to your question usually depends on many factors
which only _you_ know enough about (setting, resource, use
cases and so on).



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...