kern/55163: [patch] hide kld system details from jails
yar at FreeBSD.org
Tue Aug 5 06:50:19 PDT 2003
The following reply was made to PR kern/55163; it has been noted by GNATS.
From: Yar Tikhiy <yar at FreeBSD.org>
To: Dmitry Morozovsky <marck at rinet.ru>
Cc: FreeBSD-gnats-submit at FreeBSD.org
Subject: Re: kern/55163: [patch] hide kld system details from jails
Date: Tue, 5 Aug 2003 17:44:32 +0400

On Mon, Aug 04, 2003 at 12:26:23PM +0400, Dmitry Morozovsky wrote:
> Well, security through obscurity is not the best technique ;-)
> However, it seems that revealing too much info about the host system to a jail user,
> or even to a jail admin, is not always the best. We plan to use it together with
> Pawel Jakub Dawidek's jailfsstat kernel module.
> This code path is rare, so no performance problem I think. Any objections?

The only objection I can see is that a generalized framework for
restricting system interfaces within a jail should be developed
instead of sticking in "if (foo_allowed)" everywhere.