Version française
Home     About     Download     Resources     Contact us    
Browse thread
[Caml-list] Our shrinking Humps
[ Home ] [ Index: by date | by threads ]
[ Search: ]

[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
Date: -- (:)
From: Jacques Garrigue <garrigue@k...>
Subject: Re: [Caml-list] Our shrinking Humps
From: Fred Yankowski <fred@ontosys.com>
> On Sat, Apr 05, 2003 at 11:06:28PM +0200, Pierre Weis wrote:
> > I was thinking of something like that, experimenting with a machine
> > outside our firewall and running a strong and secure OS (FreeBSD ?) to
> > have a very low maintenance cost.
> 
> You might consider using User Mode Linux to create a sandboxed
> instance of Linux to hold whatever server software is needed.  That
> way you can build up a tightly restricted system, perhaps even sharing
> an outside-the-firewall server with other INRIA applications.

The jail(8) facility in FreeBSD allows that: you may create a virtual
machine inside a server, which is completely isolated from everything
else inside the host machine. Some ISPs are using it to provide root
accounts.
Still, I expect that setting up a really secure virtual machine is far
from trivial: you get just the same problems as with a real machine.

By the way, I recall somebody talking about setting up a cvs server
written in ocaml (safe and fast code) inside a FreeBSD jail to provide
maximum security.  I don't know how far that project went. Maybe he is
reading this list and can provide more details.

Jacques Garrigue

-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners