Re: Functionality similar to FreeBSD's jails
Colin Cashman wrote:
> VSD creates replicas of a working GNU Linux file system and uses this as a template for Virtual Servers. The replica files (not the
> entire OS) are 'hardlinked' to the original image, and share the same inode as the original file (which saves disk space). Each
> replica is assigned a unique IP address, and a user can then log into that Virtual Server transparently using Telnet or FTP.
If this is intended to be secure, using hard links strikes me as a
stunningly bad idea. A process inside the chroot need only modify the
hard linked file, and they can expose a trojan outside the chroot. Not
to mention that, as has been noted, chroots can be broken out of if
you're root.
--
see shy jo
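The shared-inode problem raised in the reply above, as an added example that is not part of the original message: it builds a constructed template/replica layout in a temporary directory, shows that an in-place write through the replica's name changes the template's copy, and audits a replica tree for files that still have a hard link outside it. The directory names and the `shared_outside` helper are hypothetical.

```python
import os
import shutil
import stat
import tempfile

def shared_outside(jail_root):
    """Return regular files under jail_root whose inode has more names than
    exist inside the tree, i.e. at least one hard link lives outside it."""
    seen = {}  # (st_dev, st_ino) -> [link count, paths found inside the jail]
    for dirpath, _dirs, files in os.walk(jail_root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            entry = seen.setdefault((st.st_dev, st.st_ino), [st.st_nlink, []])
            entry[1].append(path)
    return sorted(p for nlink, paths in seen.values()
                  if nlink > len(paths) for p in paths)

def demo():
    """Constructed layout: template/ is the master image, vs1/ is one replica."""
    base = tempfile.mkdtemp()
    template = os.path.join(base, "template")
    jail = os.path.join(base, "vs1")
    os.makedirs(os.path.join(template, "bin"))
    os.makedirs(os.path.join(jail, "bin"))
    os.makedirs(os.path.join(jail, "home"))
    master = os.path.join(template, "bin", "tool")
    with open(master, "w") as f:
        f.write("original\n")
    replica = os.path.join(jail, "bin", "tool")
    os.link(master, replica)          # hard link: one inode, two names
    with open(os.path.join(jail, "home", "notes"), "w") as f:
        f.write("local\n")            # ordinary file private to the replica
    # In-place write through the replica's name only.
    with open(replica, "r+") as f:
        f.write("MODIFIED\n")
    with open(master) as f:
        master_now = f.read()         # content seen through the template's name
    same_inode = os.stat(master).st_ino == os.stat(replica).st_ino
    flagged = [os.path.relpath(p, jail) for p in shared_outside(jail)]
    shutil.rmtree(base)
    return same_inode, master_now, flagged

if __name__ == "__main__":
    print(demo())
```

Any path the audit reports is state shared with the template or with other replicas; files private to the replica, such as `home/notes` here, are not flagged.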