Jails and multicore boxes
erik at cederstrand.dk
Wed Nov 14 10:26:03 PST 2007
Matt Fioravante wrote:
> I've heard that things like freebsd jails or solaris zones can still
> be insecure on multicore boxes because a race condition can occur. I
> don't know more details about it other than that. Is this true now on
There's always the possibility that a bug exists which lets you break
out of a jail and give you access to the host system.
> Also, I have a home server which I'm considering running apache, bind,
> dhcp, and possiblty opening ports for some other services. Is it
> overkill to run all of these each in their own jail?
You'll have to answer that yourself. How valuable is your data? What are
you trying to protect? If you're worrying about getting cracked and used
as a spam bot, jails are no more secure than a non-jail system.
More information about the freebsd-questions