From owner-freebsd-questions@FreeBSD.ORG Thu Mar 3 23:12:40 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6225716A4CE for ; Thu, 3 Mar 2005 23:12:40 +0000 (GMT) Received: from crumpet.united-ware.com (ddsl-66-42-172-210.fuse.net [66.42.172.210]) by mx1.FreeBSD.org (Postfix) with ESMTP id D178543D1F for ; Thu, 3 Mar 2005 23:12:39 +0000 (GMT) (envelope-from mistry.7@osu.edu) Received: from [192.168.1.100] (adsl-68-252-59-28.dsl.wotnoh.ameritech.net [68.252.59.28]) (authenticated bits=0)j23Mgulu084038 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Thu, 3 Mar 2005 17:43:19 -0500 (EST) (envelope-from mistry.7@osu.edu) From: Anish Mistry To: Ean Kingston Date: Thu, 3 Mar 2005 18:14:56 -0500 User-Agent: KMail/1.7 References: <4227164D.3050103@cis.strath.ac.uk> <200503031316.56083.mistry.7@osu.edu> <4011.216.220.59.169.1109888589.squirrel@216.220.59.169> In-Reply-To: <4011.216.220.59.169.1109888589.squirrel@216.220.59.169> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart10079835.7YT7haUBNq"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200503031815.04158.mistry.7@osu.edu> X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.64 X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on crumpet.united-ware.com cc: freebsd-questions@freebsd.org cc: Chris Hodgins Subject: Re: Sharing directories with jails X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Mar 2005 23:12:40 -0000 --nextPart10079835.7YT7haUBNq Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Thursday 03 March 2005 05:23 pm, Ean Kingston wrote: > > On Thursday 03 March 2005 12:42 pm, Chris Hodgins wrote: > > [cut original question and answer] > > >> Ok perhaps I should clarify what my intentions are a little > >> more. I am planning on providing a FreeBSD jail for any member > >> of a geek society I am a member of. When I say they are > >> untrusted, I mean that I won't be giving them full root access > >> to my server but I trust them enough not to do anything > >> malicious inside a jail. It is just like a fun place they can > >> play and not have to worry to much about breaking things. > >> > >> How easy is it exactly to break out of a jail if you have access > >> to development tools? > > > > http://www.securiteam.com/unixfocus/5WP031535U.html > > How current is this? The article appears to be dated 2001. Are > there still buffer-overflow issues with /proc? > 5.3 and later no longer need proc and it's not mounted by default. > > If you use securelevels you can a sigificantly improve security. =2D-=20 Anish Mistry --nextPart10079835.7YT7haUBNq Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCJ5p4xqA5ziudZT0RAnQKAJwMVpV0p9W45gk2aGHhZ789Fg+w3ACcCQ+y xMS7duMm1LokEohKvMxHKmU= =l/1q -----END PGP SIGNATURE----- --nextPart10079835.7YT7haUBNq--