Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3)

gnu-arch-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3)

From:	Zenaan Harkness
Subject:	Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3)
Date:	Thu, 08 Jul 2004 11:32:09 +1000

On Wed, 2004-07-07 at 16:17, Cameron Patrick wrote:
> James Blackwell wrote:
> > What do you think about a ulimited, chrooted shell?
> 
> That could still potentially do nasty things over the network.
> Something like User Mode Linux or FreeBSD's jail would be more
> secure.
> 
> Another possibility that I've seen used quite successfully (in an
> on-line judging system for a programming competition) is to ptrace the
> process and intercept every system call and make sure that it isn't
> doing anything untoward.  I think that it would be a massive waste of
> effort in this case, though.

vservers people:

http://www.linux-vserver.org/

Yet at the end of the day, it's really just an extension of the chroot
concept to encompass '"security contexts", segmented routing, chroot,
extended quotas and some other standard tools'.

Having a syscall approach is surely the most performant course! (UML?
for a cms repository? <shudder!/>.)

In my memory, there was definite Linux-kernel talk about more
substantial vserver work in the mainline, for Linux 2.7. And for now,
the vserver project collects and actively works in this area.

cheers
zen

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), (continued)
- Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), James Blackwell, 2004/07/05
  - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), Peter Conrad, 2004/07/06
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), John Meinel, 2004/07/06
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), Matthew Dempsky, 2004/07/06
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), John Meinel, 2004/07/06
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), Jan Hudec, 2004/07/07
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), James Blackwell, 2004/07/06
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), James Blackwell, 2004/07/06
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), Cameron Patrick, 2004/07/07
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), Zenaan Harkness <=
  - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), Tom Lord, 2004/07/06
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), Andrew Suffield, 2004/07/06
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), James Blackwell, 2004/07/07
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), Jan Hudec, 2004/07/07
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), Tom Lord, 2004/07/07
    - [Gnu-arch-users] Any CM guy looking for a job?, nadim, 2004/07/07
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), Andrew Suffield, 2004/07/08
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), James Blackwell, 2004/07/07
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), Tom Lord, 2004/07/07
    - Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3), James Blackwell, 2004/07/07

Prev by Date: Re: [Gnu-arch-users] Re: arch roadmap 1 (and "what's tom up to")
Next by Date: [Gnu-arch-users] The C-B-V-R part of a fully qualified name
Previous by thread: Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3)
Next by thread: Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3)
Index(es):
- Date
- Thread