[Caml-list] Our shrinking Humps
Date: -- (:)
From: Ed L Cashin <ecashin@u...>
Subject: Re: [Caml-list] Our shrinking Humps
Jacques Garrigue <garrigue@kurims.kyoto-u.ac.jp> writes:

...
> The jail(8) facility in FreeBSD allows that: you may create a virtual
> machine inside a server, which is completely isolated from everything
> else inside the host machine. Some ISPs are using it to provide root
> accounts.
> Still, I expect that setting up a really secure virtual machine is far
> from trivial: you get just the same problems as with a real machine.

FreeBSD goes a long way, though, toward "real" security.  Another big
help is the kernel securelevels feature:

  http://people.freebsd.org/~jkb/howto.html#sl

With this feature, you can get a server in a state where no modules
may be loaded into the kernel and certain parts of the file system are
not writable at all -- having root isn't enough.  

If you can trust the kernel and some files to be secure, then you have
a pretty good foundation for the other steps you take.

-- 
--Ed L Cashin            |   PGP public key:
  ecashin@uga.edu        |   http://noserose.net/e/pgp/
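
Added example, not part of the original message: a small audit of the setup described above. A raised securelevel only stops root from clearing the system-immutable (`schg`) flag, so files that never had the flag set are still writable. The function names and the sample `sysctl`/`ls -lo` data are constructed for illustration.

```shell
#!/bin/sh
# Added example: does the securelevel actually protect these files?
# SAMPLE_* values are constructed. On a FreeBSD host, take them from:
#   sysctl -n kern.securelevel
#   ls -lo /sbin/init /boot/kernel/kernel /etc/rc.conf

# True when the level (>= 1) blocks module loading and clearing of schg.
securelevel_enforcing() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# Reads `ls -lo` lines on stdin, prints paths whose flags lack schg.
# Columns: mode links owner group flags size month day time path
missing_schg() {
    awk 'NF >= 10 {
        n = split($5, flags, ","); found = 0
        for (i = 1; i <= n; i++) if (flags[i] == "schg") found = 1
        if (!found) print $NF
    }'
}

# $1 = securelevel, stdin = `ls -lo` output. Returns 1 on any finding.
audit() {
    status=0
    if ! securelevel_enforcing "$1"; then
        echo "WARN: kern.securelevel=$1, root can still clear schg and load modules"
        status=1
    fi
    for path in $(missing_schg); do
        echo "WARN: $path has no schg flag, the securelevel does not protect it"
        status=1
    done
    return "$status"
}

# Constructed sample: two flagged binaries and one unflagged config file.
SAMPLE_LEVEL=1
SAMPLE_LS='-r-xr-xr-x  1 root  wheel  schg 1234567 Jan  1 00:00 /sbin/init
-r-xr-xr-x  1 root  wheel  schg,uarch 31234567 Jan  1 00:00 /boot/kernel/kernel
-rw-r--r--  1 root  wheel  - 512 Jan  1 00:00 /etc/rc.conf'

printf '%s\n' "$SAMPLE_LS" | audit "$SAMPLE_LEVEL" || true
```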
