Jails and multicore boxes

Erik Cederstrand erik at cederstrand.dk
Wed Nov 14 10:26:03 PST 2007

Matt Fioravante wrote:
> I've heard that things like freebsd jails or solaris zones can still
> be insecure on multicore boxes because a race condition can occur. I
> don't know more details about it other than that. Is this true now on
> freebsd?

There's always the possibility that a bug exists which lets you break 
out of a jail and give you access to the host system.

> Also, I have a home server which I'm considering running apache, bind,
> dhcp, and possiblty opening ports for some other services. Is it
> overkill to run all of these each  in their own jail?

You'll have to answer that yourself. How valuable is your data? What are 
you trying to protect? If you're worrying about getting cracked and used 
as a spam bot, jails are no more secure than a non-jail system.


More information about the freebsd-questions mailing list