From: Ed L Cashin <ecashin@uga.edu>
To: OCaml List <caml-list@inria.fr>
Subject: Re: [Caml-list] Our shrinking Humps
Date: Mon, 07 Apr 2003 03:15:04 -0400 [thread overview]
Message-ID: <87istqzslj.fsf@cs.uga.edu> (raw)
In-Reply-To: <20030407092308Q.garrigue@kurims.kyoto-u.ac.jp> (Jacques Garrigue's message of "Mon, 07 Apr 2003 09:23:08 +0900")
Jacques Garrigue <garrigue@kurims.kyoto-u.ac.jp> writes:
...
> The jail(8) facility in FreeBSD allows that: you may create a virtual
> machine inside a server, which is completely isolated from everything
> else inside the host machine. Some ISPs are using it to provide root
> accounts.
> Still, I expect that setting up a really secure virtual machine is far
> from trivial: you get just the same problems as with a real machine.
FreeBSD goes a long way, though, toward "real" security. Another big
help is the kernel securelevels feature:
http://people.freebsd.org/~jkb/howto.html#sl
With this feature, you can get a server in a state where no modules
may be loaded into the kernel and certain parts of the file system are
not writable at all -- having root isn't enough.
If you can trust the kernel and some files to be secure, then you have
a pretty good foundation for the other steps you take.
--
--Ed L Cashin | PGP public key:
ecashin@uga.edu | http://noserose.net/e/pgp/
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
next prev parent reply other threads:[~2003-04-08 9:00 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-03-31 14:04 Sergey Goldgaber
2003-04-02 21:52 ` Pierre Weis
2003-04-02 22:42 ` Erik Arneson
2003-04-02 23:43 ` [Caml-list] the Komprehensive Objective caml Archive Network? art yerkes
2003-04-03 6:47 ` [Caml-list] " sylvain.le-gall
2003-04-04 19:06 ` [Caml-list] Our shrinking Humps Stefano Zacchiroli
2003-04-04 19:50 ` Alexander V. Voinov
2003-04-05 6:03 ` Sven Luther
2003-04-05 6:34 ` Sergey Goldgaber
2003-04-05 6:34 ` Sergey Goldgaber
2003-04-05 21:06 ` Pierre Weis
2003-04-06 12:25 ` Stefano Zacchiroli
2003-04-06 17:20 ` Fred Yankowski
2003-04-07 0:23 ` Jacques Garrigue
2003-04-07 7:15 ` Ed L Cashin [this message]
2003-04-08 9:21 ` Martin Weber
2003-04-06 0:20 ` Vitaly Lugovsky
2003-04-06 14:01 ` Sergey Goldgaber
2003-04-05 22:00 ` Maxence Guesdon
2003-04-05 4:20 ` Sergey Goldgaber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87istqzslj.fsf@cs.uga.edu \
--to=ecashin@uga.edu \
--cc=caml-list@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).