[nycbug-talk] Jail Performance

Bob Ippolito bob
Wed Jan 5 10:40:57 EST 2005


On Jan 5, 2005, at 9:25 AM, Sunny Dubey wrote:

> On Tuesday 04 January 2005 22:54, Pete Wright wrote:
>> Hey nycbugers,
>> 	I've been kicking around some ideas regarding jailing
>> in an "enterprise" environment.  While jails do have the obvious
>> benefit of added security; one thing that interests me are the
>> possibilities of using jails to assist with server and app.
>> management in distrubited envrionments.  The basic idea I am
>> thinking of is creating jails for specific applications that
>> get loaded to a farm of servers via PXE-TFTP.  One would netboot
>> a server, and then dist a jail to that system after boot.
>
> I have to admit, I don't see the security behind a single jail 
> solution.  If I
> need to run httpd/maild/something-d whatever I run is going to touch 
> XYZ.
> (In this case XYZ can be sensitive data, databases, etc).  
> Theoretically I
> already have a security issue by running whatever service/daemon/app.
>
> The OS becomes nothing more than a management tool that provides for 
> me to
> admin, provides the computing needed by whatever app, and the OS itself
> becomes a security risk.  That being said the host-OS must provide for 
> the
> jail-OS which in turn provides for the app.  Each time you add an OS 
> into the
> picture, I would assume it is another security risk.
>
> (I'm thinking of data security greatly here, heh)

If each daemon is running in a separate jail, then the security is that 
there is no way (assuming the kernel is not buggy, which you don't) 
that even a root exploit in one daemon can provide direct access to the 
files of another.  Of course, as you say, you probably can get at some 
important ports and passwords by exploiting httpd, because it is going 
to talk to the database.  Depending on the way the database is setup, 
those passwords might not be able to do too much damage to the database 
in the first place.

-bob





More information about the talk mailing list