On Wed, Jan 09, 2013 at 07:28:41AM +, John Long wrote:
I use Solaris zones to isolate a lot of stuff and I can host shell accounts
and occasional open source projects safely as far as I know. I would like to
be able to offer OpenBSD shell accounts but I don't know how to do that
safely
Hello misc@,
I'm researching locking things down, and I'm wondering what the current
best practice is for isolating risky programs. It seems this community
has traditionally shunned virtualization as a solution, and also called
exclusively chrooting insufficient. Okay, sure.
But what is better
On Tue, Jan 08, 2013 at 01:54:04PM -0500, Jean-Philippe Ouellet wrote:
So what do you guys recommend? Should I just chroot a vm whose network
traffic all goes through a local filter, and hope for the best? I'm
really at a loss for what to do here.
Don't use firefox. Don't browse the web.
I agree with Marc, don't be paranoid :s you use OpenBSD as a desktop
it's a great thing (personally I run Linux, because of driver support).
--
Regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Tuesday 08 January 2013 at 20:24 +0100, Marc Espie
On Tue, Jan 8, 2013 at 10:54 AM, Jean-Philippe Ouellet
jean-phili...@ouellet.biz wrote:
Hello misc@,
I'm researching locking things down, and I'm wondering what the current
best practice is for isolating risky programs. It seems this community
has traditionally shunned virtualization as a
On Tue, Jan 08, 2013 at 01:54:04PM -0500, Jean-Philippe Ouellet wrote:
Hello misc@,
I'm researching locking things down, and I'm wondering what the current
best practice is for isolating risky programs. It seems this community
has traditionally shunned virtualization as a solution, and also
On 01/08/13 10:54, Jean-Philippe Ouellet wrote:
Hello misc@,
I'm researching locking things down, and I'm wondering what the current
best practice is for isolating risky programs. It seems this community
has traditionally shunned virtualization as a solution, and also called
exclusively
A chroot or even just a separate user would seem to fix that problem,
assuming they couldn't easily break out of it (probably not a safe
assumption), but that still leaves many other issues, for example it
would still be able to send network traffic originating from my machine,
which would be
8 matches