[
Home
]
[ Index:
by date
|
by threads
]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
[ Message by date: previous | next ] [ Message in thread: previous | next ] [ Thread: previous | next ]
| Date: | -- (:) |
| From: | Jacques Garrigue <garrigue@k...> |
| Subject: | Re: [Caml-list] Our shrinking Humps |
From: Fred Yankowski <fred@ontosys.com> > On Sat, Apr 05, 2003 at 11:06:28PM +0200, Pierre Weis wrote: > > I was thinking of something like that, experimenting with a machine > > outside our firewall and running a strong and secure OS (FreeBSD ?) to > > have a very low maintenance cost. > > You might consider using User Mode Linux to create a sandboxed > instance of Linux to hold whatever server software is needed. That > way you can build up a tightly restricted system, perhaps even sharing > an outside-the-firewall server with other INRIA applications. The jail(8) facility in FreeBSD allows that: you may create a virtual machine inside a server, which is completely isolated from everything else inside the host machine. Some ISPs are using it to provide root accounts. Still, I expect that setting up a really secure virtual machine is far from trivial: you get just the same problems as with a real machine. By the way, I recall somebody talking about setting up a cvs server written in ocaml (safe and fast code) inside a FreeBSD jail to provide maximum security. I don't know how far that project went. Maybe he is reading this list and can provide more details. Jacques Garrigue ------------------- To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/ Beginner's list: http://groups.yahoo.com/group/ocaml_beginners