Date: Wed, 14 Nov 2007 19:20:06 +0100 From: Erik Cederstrand <erik@cederstrand.dk> To: Matt Fioravante <fmatthew5876@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Jails and multicore boxes Message-ID: <473B3C56.5020103@cederstrand.dk> In-Reply-To: <3eca10930711140740gb8c2b88v6a13795c41e3eafb@mail.gmail.com> References: <3eca10930711140740gb8c2b88v6a13795c41e3eafb@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matt Fioravante wrote: > I've heard that things like freebsd jails or solaris zones can still > be insecure on multicore boxes because a race condition can occur. I > don't know more details about it other than that. Is this true now on > freebsd? There's always the possibility that a bug exists which lets you break out of a jail and give you access to the host system. > Also, I have a home server which I'm considering running apache, bind, > dhcp, and possiblty opening ports for some other services. Is it > overkill to run all of these each in their own jail? You'll have to answer that yourself. How valuable is your data? What are you trying to protect? If you're worrying about getting cracked and used as a spam bot, jails are no more secure than a non-jail system. Erik
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?473B3C56.5020103>