Version française
Home     About     Download     Resources     Contact us    

This site is updated infrequently. For up-to-date information, please visit the new OCaml website at

Browse thread
[Caml-list] Our shrinking Humps
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: 2003-04-08 (09:00)
From: Ed L Cashin <ecashin@u...>
Subject: Re: [Caml-list] Our shrinking Humps
Jacques Garrigue <> writes:

> The jail(8) facility in FreeBSD allows that: you may create a virtual
> machine inside a server, which is completely isolated from everything
> else inside the host machine. Some ISPs are using it to provide root
> accounts.
> Still, I expect that setting up a really secure virtual machine is far
> from trivial: you get just the same problems as with a real machine.

FreeBSD goes a long way, though, toward "real" security.  Another big
help is the kernel securelevels feature:

With this feature, you can get a server in a state where no modules
may be loaded into the kernel and certain parts of the file system are
not writable at all -- having root isn't enough.  

If you can trust the kernel and some files to be secure, then you have
a pretty good foundation for the other steps you take.

--Ed L Cashin            |   PGP public key:        |

To unsubscribe, mail Archives:
Bug reports: FAQ:
Beginner's list: