kern/55163: [patch] hide kld system details from jails

Yar Tikhiy yar at FreeBSD.org
Tue Aug 5 06:50:19 PDT 2003


The following reply was made to PR kern/55163; it has been noted by GNATS.

From: Yar Tikhiy <yar at FreeBSD.org>
To: Dmitry Morozovsky <marck at rinet.ru>
Cc: FreeBSD-gnats-submit at FreeBSD.org
Subject: Re: kern/55163: [patch] hide kld system details from jails
Date: Tue, 5 Aug 2003 17:44:32 +0400

 On Mon, Aug 04, 2003 at 12:26:23PM +0400, Dmitry Morozovsky wrote:
 > 
 > Well, security thru obscurity is not the best technique ;-)
 > However, it seems that reveal too much info about host system for jail user,
 > or even for jail admin, is not always the best. We plan to use it together with
 > Pawel Jakub Dawidek's jailfsstat kernel module.
 > 
 > This code path is rare, so no performance problem I think. Any objections?
 
 The only objection I can see is that a generalized framework for
 restricting system interfaces within a jail should be developed
 instead of sticking in "if (foo_allowed)" everywhere.
 
 -- 
 Yar


More information about the freebsd-bugs mailing list