Date: Fri, 16 Nov 2007 07:27:15 +0000 From: "Federico Lorenzi" <florenzi@gmail.com> To: "Norberto Meijome" <freebsd@meijome.net> Cc: Matt Fioravante <fmatthew5876@gmail.com>, Erik Cederstrand <erik@cederstrand.dk>, freebsd-questions@freebsd.org Subject: Re: Jails and multicore boxes Message-ID: <3a386af20711152327h7bb6dac9p656f949bf0709527@mail.gmail.com> In-Reply-To: <20071116175719.67457ce4@meijome.net> References: <3eca10930711140740gb8c2b88v6a13795c41e3eafb@mail.gmail.com> <473B3C56.5020103@cederstrand.dk> <20071116175719.67457ce4@meijome.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Nov 16, 2007 6:57 AM, Norberto Meijome <freebsd@meijome.net> wrote: > On Wed, 14 Nov 2007 19:20:06 +0100 > Erik Cederstrand <erik@cederstrand.dk> wrote: > > > You'll have to answer that yourself. How valuable is your data? What are > > you trying to protect? If you're worrying about getting cracked and used > > as a spam bot, jails are no more secure than a non-jail system. > > Maybe some qualification is needed here. > > If your mail jail gets broken into, then it will still be used as a spambot. > > But your host (the machine in which your jails run in) wouldn't have been compromised, necessarily, by the fact that the jail got compromised. Having root on a jail > (if that's what we are talking about by 'compromised' ) shouldn't affect your host machine. Unless there is some other vulnerability that can be used, of course. Thats true indeed, however many people are saying that jails do not necessarily, make an environment more secure. I'm not really knowledable in that area, but they do add another layer to the proverbial onion. I use jails, but more for convenience then security, if i get a new (home) server box, I can just move some jails across with a simple tar and then scp, and have them work pretty much instantly. Cheers Federico
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3a386af20711152327h7bb6dac9p656f949bf0709527>