Is article on freebsd jails having backdoor true?
Polytropon
freebsd at edvax.de
Tue Jul 1 21:38:17 UTC 2014
On Tue, 1 Jul 2014 13:42:17 -0700, Sergei G wrote:
> freebsd-jails-are-a-huge-security-danger
> <http://aboutthebsds.wordpress.com/2013/01/13/freebsd-jails-are-a-huge-security-danger/>
>
> Does FreeBSD 10 still have this backdoor?
If I may ask, _which_ backdoor? I tried to read the full
article (which is hard because the language quality is
low, which I am saying with the fact in mind that English
is not my native language), but I didn't find detailed
information about what kind of backdoor is meant.
An Apache security problem is mentioned. Details here:
https://blogs.apache.org/infra/entry/apache_org_04_09_2010
There is no mentioning of jail, ony one of FreeBSD. The
attack was XSS and finally got the attacker administrator
login credentials to one of their functional subsystems.
A jail backdoor is not mentioned, as far as I can tell.
> Do jails put too much overhead, more than virtualization?
I don't think so. From my limited and individual experience,
FreeBSD Jails usually work better than typical "full-featured"
virtualization solutions (which require more resources). In
case this is really a concern to you, do some testing, because
the answer to your question usually depends on many factors
which only _you_ know enough about (setting, resource, use
cases and so on).
--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
More information about the freebsd-questions
mailing list