Re: Functionality similar to FreeBSD's jails

2001-03-17 Thread Ilya Martynov
 ES == Erik Steffl [EMAIL PROTECTED] writes:

ES>   if you have enough $$ go with ibm 390 (or whatever the number is)
ES> otherwise try vmware (or other similar product), if you require
ES> completely virtual machines (hw and all) you need a virtual machine, I
ES> guess there's no way around it, chroot and I suspect jail (I don't know
ES> jail) would not cut it.

Both ibm 390 and vmware will be overkill. IBM is too expensive in my case
(it will be even cheaper just to buy several PCs) and vmware is too slow and
heavy.  Probably I will try user-mode linux. I've heard that people at
ASPLinux have worked on a product which allows several virtual Linux
boxes inside one real one, but it seems that they haven't released it yet.

BTW I've seen that many people wrote to me 'I don't know jail'. If you
are interested, look at
http://docs.freebsd.org/44doc/papers/jail/jail.html

-- 
Ilya Martynov
AGAVA Software Company, http://www.agava.com



Re: Functionality similar to FreeBSD's jails

2001-03-16 Thread Ilya Martynov
 CC == Colin Cashman [EMAIL PROTECTED] writes:

> No. chroot is not safe enough. I want to create virtual boxes in which
> I can give root rights to other people and I want to be sure that they
> can't break other boxes.
>
> AFAIK if you have root you can escape a chroot'ed directory. Another
> problem is that root can have direct access to devices. I don't want to
> allow it. A good solution is really independent virtual boxes which are
> run from one real one. This is what FreeBSD's jails provide. User-mode
> linux kernel seems to allow it too but I'm not sure how stable it is
> and whether there are any limitations.

CC> I just found a page that might contain what you are looking for:

CC> http://www.gnu.org/directory/vsd.html

CC> VSD - Facilitates Linux Virtual Servers within a 'chroot'
CC> environment.

Yes, I've seen it and similar solutions. The problem is that, as I have
written, 'chroot is not safe enough'. It is not possible to give root
rights to people in a chroot'ed environment if you don't want to trust them.

BTW besides the problems with direct access to devices and the possibility
for root to escape the chroot, there exists another problem (for me) with
chroot. Chroot only allows isolation of boxes at the filesystem
level. For example you can't have two mailservers running at the same
time - first in first virtual box, second in another. At least you
can't do it unless you configure them to listen on different
interfaces. (BTW is it possible to create several loopback interfaces
- I think no).

Let me describe my needs.

1) I want to build a testing and development environment for developers
in my company. There are several developers who work on different
projects. Often it is much easier to give developers root access
than to try to fine-tune the security system on development servers so they
will be able to install/configure software there. So I want to just
create several virtual boxes and freely give root access there. So I
can be sure that one group of developers can't break things for
another group.

2) Another task is building automated tests for our software. One product
our developers work on is maillist software. For creation of automated
tests for this software it is *required* to have several boxes. If I
can just create a bunch of virtual boxes it will be very useful.

Combining 1) and 2) gives the need for independent virtual boxes. 'chroot'
is not good enough.

CC> [..skip..]


-- 
Ilya Martynov
AGAVA Software Company, http://www.agava.com



Re: Functionality similar to FreeBSD's jails

2001-03-16 Thread Erik Steffl
  if you have enough $$ go with ibm 390 (or whatever the number is)
otherwise try vmware (or other similar product), if you require
completely virtual machines (hw and all) you need a virtual machine, I
guess there's no way around it, chroot and I suspect jail (I don't know
jail) would not cut it.

erik

Ilya Martynov wrote:
 
> CC == Colin Cashman [EMAIL PROTECTED] writes:
>
> > > No. chroot is not safe enough. I want to create virtual boxes in which
> > > I can give root rights to other people and I want to be sure that they
> > > can't break other boxes.
> > >
> > > AFAIK if you have root you can escape a chroot'ed directory. Another
> > > problem is that root can have direct access to devices. I don't want to
> > > allow it. A good solution is really independent virtual boxes which are
> > > run from one real one. This is what FreeBSD's jails provide. User-mode
> > > linux kernel seems to allow it too but I'm not sure how stable it is
> > > and whether there are any limitations.
>
> CC> I just found a page that might contain what you are looking for:
>
> CC> http://www.gnu.org/directory/vsd.html
>
> CC> VSD - Facilitates Linux Virtual Servers within a 'chroot'
> CC> environment.
>
> Yes, I've seen it and similar solutions. The problem is that, as I have
> written, 'chroot is not safe enough'. It is not possible to give root
> rights to people in a chroot'ed environment if you don't want to trust them.
>
> BTW besides the problems with direct access to devices and the possibility
> for root to escape the chroot, there exists another problem (for me) with
> chroot. Chroot only allows isolation of boxes at the filesystem
> level. For example you can't have two mailservers running at the same
> time - first in first virtual box, second in another. At least you
> can't do it unless you configure them to listen on different
> interfaces. (BTW is it possible to create several loopback interfaces
> - I think no).
>
> Let me describe my needs.
>
> 1) I want to build a testing and development environment for developers
> in my company. There are several developers who work on different
> projects. Often it is much easier to give developers root access
> than to try to fine-tune the security system on development servers so they
> will be able to install/configure software there. So I want to just
> create several virtual boxes and freely give root access there. So I
> can be sure that one group of developers can't break things for
> another group.
>
> 2) Another task is building automated tests for our software. One product
> our developers work on is maillist software. For creation of automated
> tests for this software it is *required* to have several boxes. If I
> can just create a bunch of virtual boxes it will be very useful.
>
> Combining 1) and 2) gives the need for independent virtual boxes. 'chroot'
> is not good enough.
>
> CC> [..skip..]
>
> --
> Ilya Martynov
> AGAVA Software Company, http://www.agava.com
 



Functionality similar to FreeBSD's jails

2001-03-15 Thread Ilya Martynov

Hi,

I'm interested in whether there exists some software which allows one to
implement virtual boxes under Linux (something that provides similar
capabilities to FreeBSD's jails). The only thing I know about is
user-mode linux kernel. Does anybody have experience with it? How
stable is it? Are there any limitations? Are there any other
alternatives that can run under Linux?

-- 
Ilya Martynov
AGAVA Software Company, http://www.agava.com



Re: Functionality similar to FreeBSD's jails

2001-03-15 Thread Dave Sherohman
On Thu, Mar 15, 2001 at 05:03:16PM +0300, Ilya Martynov wrote:
> I'm interested in whether there exists some software which allows one to
> implement virtual boxes under Linux (something that provides similar
> capabilities to FreeBSD's jails). The only thing I know about is
> user-mode linux kernel. Does anybody have experience with it? How
> stable is it? Are there any limitations? Are there any other
> alternatives that can run under Linux?

Something like chroot?

-- 
Linux will do for applications what the Internet did for networks. 
- IBM, Peace, Love, and Linux
Geek Code 3.1:  GCS d? s+: a- C++ UL++$ P+ L+++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI D G e* h+ r y+



Re: Functionality similar to FreeBSD's jails

2001-03-15 Thread Ilya Martynov
 DS == Dave Sherohman [EMAIL PROTECTED] writes:

DS> On Thu, Mar 15, 2001 at 05:03:16PM +0300, Ilya Martynov wrote:
> I'm interested in whether there exists some software which allows one to
> implement virtual boxes under Linux (something that provides similar
> capabilities to FreeBSD's jails). The only thing I know about is
> user-mode linux kernel. Does anybody have experience with it? How
> stable is it? Are there any limitations? Are there any other
> alternatives that can run under Linux?

DS> Something like chroot?

No. chroot is not safe enough. I want to create virtual boxes in which
I can give root rights to other people and I want to be sure that they
can't break other boxes.

AFAIK if you have root you can escape a chroot'ed directory. Another
problem is that root can have direct access to devices. I don't want to
allow it. A good solution is really independent virtual boxes which are
run from one real one. This is what FreeBSD's jails provide. User-mode
linux kernel seems to allow it too but I'm not sure how stable it is
and whether there are any limitations.

-- 
Ilya Martynov
AGAVA Software Company, http://www.agava.com



Re: Functionality similar to FreeBSD's jails

2001-03-15 Thread Ray Percival
Not knowing about *BSD's jails I'm not sure; if you want to
restrict a user to only one part of the filesystem, why not use
chroot?
-- Original Message --
From: Ilya Martynov [EMAIL PROTECTED]
Date: 15 Mar 2001 17:03:16 +0300


Hi,

I'm interested in whether there exists some software which allows one to
implement virtual boxes under Linux (something that provides similar
capabilities to FreeBSD's jails). The only thing I know about is
user-mode linux kernel. Does anybody have experience with it? How
stable is it? Are there any limitations? Are there any other
alternatives that can run under Linux?

-- 
Ilya Martynov
AGAVA Software Company, http://www.agava.com







Re: Functionality similar to FreeBSD's jails

2001-03-15 Thread Phil Brutsche

A long time ago, in a galaxy far, far away, someone said...

> No. chroot is not safe enough. I want to create virtual boxes in which
> I can give root rights to other people and I want to be sure that they
> can't break other boxes.

The closest Linux comes to FreeBSD's jail functionality is User-Mode
Linux.

The home page is http://user-mode-linux.sourceforge.net/.

What it is is a port of the 2.4.x Linux kernel to run as a user-level
application.  It creates a virtual machine with its own root file system,
root password, and so on.

The applications running in the virtual machine (eg BIND) have no way of
knowing that they are running in a virtual machine.  If the application in
the VM gets hacked, all the attacker gets to is the simulated root, and
has *no* access to the host machine (rather, as much access as the
administrator gives the vm).

Network access goes over a simulated lan on the host machine using Linux's
ethernet tap functionality.

-- 
Phil Brutsche   [EMAIL PROTECTED]

GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D  7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc



Re: Functionality similar to FreeBSD's jails

2001-03-15 Thread Colin Cashman
> No. chroot is not safe enough. I want to create virtual boxes in which
> I can give root rights to other people and I want to be sure that they
> can't break other boxes.
>
> AFAIK if you have root you can escape a chroot'ed directory. Another
> problem is that root can have direct access to devices. I don't want to
> allow it. A good solution is really independent virtual boxes which are
> run from one real one. This is what FreeBSD's jails provide. User-mode
> linux kernel seems to allow it too but I'm not sure how stable it is
> and whether there are any limitations.

I just found a page that might contain what you are looking for:

http://www.gnu.org/directory/vsd.html

VSD - Facilitates Linux Virtual Servers within a 'chroot' environment.

The Virtual Server Daemon is free software that creates Linux Virtual
Servers with the look, feel, and functionality of a dedicated Linux
appliance. This lets web servers and other applications be deployed and
administered discretely without a security threat. VSD powered servers
run just one instance of the Linux kernel per host server. A single
Intel P-III with sufficient RAM can service 250 Virtual Servers. VSD was
developed for situations where leased lines and server colocation were
impossible for financial or technical reasons.

VSD creates replicas of a working GNU Linux file system and uses this as
a template for Virtual Servers. The replica files (not the entire OS)
are 'hardlinked' to the original image, and share the same inode as the
original file (which saves disk space). Each replica is assigned a
unique IP address, and a user can then log into that Virtual Server
transparently using Telnet or FTP.

Using 'chroot' software, the user is then 'locked' into the Virtual
Server environment and cannot reach adjacent Virtual Servers or the main
Operating System files, thus reducing the security risk.




Re: Functionality similar to FreeBSD's jails

2001-03-15 Thread Joey Hess
Colin Cashman wrote:
> VSD creates replicas of a working GNU Linux file system and uses this as
> a template for Virtual Servers. The replica files (not the entire OS)
> are 'hardlinked' to the original image, and share the same inode as the
> original file (which saves disk space). Each replica is assigned a
> unique IP address, and a user can then log into that Virtual Server
> transparently using Telnet or FTP.

If this is intended to be secure, using hard links strikes me as a
stunningly bad idea. A process inside the chroot need only modify the
hard linked file, and they can expose a trojan outside the chroot. Not
to mention that as has been noted, chroots can be broken out of if
you're root.

-- 
see shy jo
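
The hard-link concern raised in the message above, as an added C example that is not part of the original thread: it shows that a write made through a jail's name for a hard-linked file is visible through the template's name, and audits a tree for files whose inode has other names. The function names and the /tmp scratch path are assumptions made for the illustration.

```c
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Audit: count regular files under `dir` whose inode also has other names. */
int count_shared_files(const char *dir)
{
    char path[1024];
    struct stat st;
    struct dirent *e;
    int n = 0, sub;
    DIR *d = opendir(dir);
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (lstat(path, &st) != 0) continue;
        if (S_ISDIR(st.st_mode) && (sub = count_shared_files(path)) > 0) n += sub;
        else if (S_ISREG(st.st_mode) && st.st_nlink > 1) n++;
    }
    closedir(d);
    return n;
}

/* Constructed demo; `base` is a mkdtemp() pattern. Returns 1 if a write made
 * through the jail's name is visible through the template's name. */
int write_through_link_changes_template(char *base)
{
    char tpl[512], jail[512], in_jail[512], buf[32] = {0}, *ok;
    FILE *fp;
    if (!mkdtemp(base)) return -1;
    snprintf(tpl, sizeof tpl, "%s/template.bin", base);
    snprintf(jail, sizeof jail, "%s/jail", base);
    snprintf(in_jail, sizeof in_jail, "%s/tool.bin", jail);
    if (!(fp = fopen(tpl, "w"))) return -1;
    fputs("original", fp); fclose(fp);
    if (mkdir(jail, 0700) != 0 || link(tpl, in_jail) != 0) return -1;
    if (!(fp = fopen(in_jail, "r+"))) return -1;   /* writer inside the jail */
    fputs("TAMPERED", fp); fclose(fp);
    if (!(fp = fopen(tpl, "r"))) return -1;        /* host's view of its file */
    ok = fgets(buf, sizeof buf, fp); fclose(fp);
    return ok && strcmp(buf, "TAMPERED") == 0;
}

int main(void)
{
    char base[] = "/tmp/hardlink-demo-XXXXXX";     /* constructed scratch path */
    int changed = write_through_link_changes_template(base);
    printf("changed=%d shared=%d\n", changed, count_shared_files(base));
    return 0;
}
```

A non-zero count from the audit over a jail tree means those files are not private to that jail; copying them instead of linking removes the shared inode.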



Re: Functionality similar to FreeBSD's jails

2001-03-15 Thread brian moore
On Thu, Mar 15, 2001 at 10:15:57AM -0700, Ray Percival wrote:
> Not knowing about *BSD's jails I'm not sure; if you want to
> restrict a user to only one part of the filesystem, why not use
> chroot?

Because root can break out of a chroot().

Trivially.

It's not related to devices, like some seem to think... the method is
even simpler:

#define MY_JAIL_PATH "/whatever/you/want"

chdir( MY_JAIL_PATH );
chroot( MY_JAIL_PATH );
/* process is now supposedly jailed */
/* can we get out?  sure we have the keys cause we're root */
mkdir( MY_JAIL_PATH "/escape" );  /* did I mention I love ANSI C's
                                     string concatenation? */
chroot( MY_JAIL_PATH "/escape" );

/* now, at this point, we're chrooted to /whatever/you/want/escape...
   but our current directory is /whatever/you/want */

/* let's go up a bit */

chdir( "../../../../../../../../../.." );   /* should be plenty, if not
                                               we can just repeat it... */
chroot( "." );

And, like magic, we're out of jail.

Yes, chroot is useful.  It's VERY useful for programs that -drop- their
privileges (and thus can't chroot() again to break out).  But, in this
case, the questioner wanted to allow root into the jail... you can't do
that without destroying all the security that chroot gives you.  It's
not a panacea.

Now, there are workarounds: the 'capabilities' of current kernels should
allow you to grant root without granting the ability to chroot... but
the capabilities aren't well understood in the real world.  Playing with
them too much will break things in new and interesting ways...  I'm
not sure if I'd trust them to work as they should, and they'd
interfere with being able to chroot things in the virtual environment
(which you may want to do).

Oh, yeah, and the above behavior of chroot() isn't really a bug in
Linux: it's a bug in POSIX.

(I'm not willing to say that jail() is a panacea either... it's been
abused on FreeBSD -- see http://www.securityfocus.com/archive/1/153336
for example.)

-- 
CueCat decoder .signature by Larry Wall:
#!/usr/bin/perl -n
printf "Serial: %s Type: %s Code: %s\n", map { tr/a-zA-Z0-9+-/ -_/; $_ = unpack
'u', chr(32 + length()*3/4) . $_; s/\0+$//; $_ ^= "C" x length; } /\.([^.]+)/g;
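
The use the message above calls VERY useful (chroot first, then drop privileges so the process cannot chroot() again), as an added C example that is not part of the original thread. The function name confine_and_drop, the /var/empty default and uid/gid 65534 are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `jail` and give up root for good.
 * Returns 0 on success, or a negative step number identifying the call
 * that failed (errno is left as set by that call). */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; } /* must not stay root */
    if (chdir(jail) != 0)        return -2; /* enter the jail first ...         */
    if (chroot(".") != 0)        return -3; /* ... so cwd is never outside it   */
    if (setgroups(0, NULL) != 0) return -4; /* drop supplementary groups        */
    if (setgid(gid) != 0)        return -5; /* group before user: after setuid  */
    if (setuid(uid) != 0)        return -6; /*   we could no longer change it   */

    /* Verify the drop is irreversible: each of these must now fail. */
    if (setuid(0) == 0 || seteuid(0) == 0) return -7;
    if (chroot(".") == 0)                  return -8; /* a second chroot would
                                                         reopen the escape */
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed defaults: an empty directory and an unprivileged id. */
    const char *jail = argc > 1 ? argv[1] : "/var/empty";
    int rc = confine_and_drop(jail, 65534, 65534);
    if (rc != 0) {
        fprintf(stderr, "step %d failed: ", rc);
        perror(NULL);
        return 1;
    }
    printf("confined: uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Run as root, the program ends up unprivileged inside the directory; run unprivileged, it stops at step -3 because chroot() itself requires privilege.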



Re: Functionality similar to FreeBSD's jails

2001-03-15 Thread Bud Rogers
On Thursday 15 March 2001 08:03, Ilya Martynov wrote:
> Hi,
>
> I'm interested in whether there exists some software which allows one to
> implement virtual boxes under Linux (something that provides similar
> capabilities to FreeBSD's jails). The only thing I know about is
> user-mode linux kernel. Does anybody have experience with it? How
> stable is it? Are there any limitations? Are there any other
> alternatives that can run under Linux?

Could chroot be the answer you're looking for?


-- 
Bud Rogers [EMAIL PROTECTED]   http://www.sirinet.net/~budr
All things in moderation.  And not too much moderation either.