From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (from majordomo@localhost) by pauillac.inria.fr (8.7.6/8.7.3) id CAA20339; Mon, 7 Apr 2003 02:23:36 +0200 (MET DST) X-Authentication-Warning: pauillac.inria.fr: majordomo set sender to owner-caml-list@pauillac.inria.fr using -f Received: from nez-perce.inria.fr (nez-perce.inria.fr [192.93.2.78]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id CAA20330 for ; Mon, 7 Apr 2003 02:23:34 +0200 (MET DST) Received: from kurims.kurims.kyoto-u.ac.jp (kurims.kurims.kyoto-u.ac.jp [130.54.16.1]) by nez-perce.inria.fr (8.11.1/8.11.1) with ESMTP id h370NW909023 for ; Mon, 7 Apr 2003 02:23:33 +0200 (MET DST) Received: from localhost (suiren.kurims.kyoto-u.ac.jp [130.54.16.25]) by kurims.kurims.kyoto-u.ac.jp (8.9.3p2/3.7W) with ESMTP id JAA08986; Mon, 7 Apr 2003 09:23:02 +0900 (JST) To: fred@ontosys.com Cc: caml-list@inria.fr Subject: Re: [Caml-list] Our shrinking Humps In-Reply-To: <20030406172038.GA12694@ontosoft.com> References: <20030405060347.GA2823@iliana> <200304052106.XAA05780@pauillac.inria.fr> <20030406172038.GA12694@ontosoft.com> X-Mailer: Mew version 1.94.2 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20030407092308Q.garrigue@kurims.kyoto-u.ac.jp> Date: Mon, 07 Apr 2003 09:23:08 +0900 From: Jacques Garrigue X-Dispatcher: imput version 20000228(IM140) X-Spam: no; 0.00; jacques:01 caml-list:01 shrinking:01 yankowski:01 ontosys:01 pierre:01 weis:01 tightly:01 isps:99 ocaml:01 05,:01 garrigue:01 0200,:01 trivial:01 wrote:03 Sender: owner-caml-list@pauillac.inria.fr Precedence: bulk From: Fred Yankowski > On Sat, Apr 05, 2003 at 11:06:28PM +0200, Pierre Weis wrote: > > I was thinking of something like that, experimenting with a machine > > outside our firewall and running a strong and secure OS (FreeBSD ?) to > > have a very low maintenance cost. > > You might consider using User Mode Linux to create a sandboxed > instance of Linux to hold whatever server software is needed. That > way you can build up a tightly restricted system, perhaps even sharing > an outside-the-firewall server with other INRIA applications. The jail(8) facility in FreeBSD allows that: you may create a virtual machine inside a server, which is completely isolated from everything else inside the host machine. Some ISPs are using it to provide root accounts. Still, I expect that setting up a really secure virtual machine is far from trivial: you get just the same problems as with a real machine. By the way, I recall somebody talking about setting up a cvs server written in ocaml (safe and fast code) inside a FreeBSD jail to provide maximum security. I don't know how far that project went. Maybe he is reading this list and can provide more details. Jacques Garrigue ------------------- To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/ Beginner's list: http://groups.yahoo.com/group/ocaml_beginners