#4, 25th November 2009
BSDfan666

I'm not sure if you're aware, but chroot(2) is not something that's only available on OpenBSD.. it is a standardized functionality that all POSIX/Unix-alikes support.

Unlike many other systems, OpenBSD makes use of this feature extensively.. most daemons additionally drop root privileges early on during initialization, reducing the blow to the rest of the system.

The ultimate security for hosting multiple sites is.. multiple servers, that's physical security.. if however you prefer to keep things centralized.. you must realize that compromises may happen eventually, having a good recovery policy in place is just good thinking, making things difficult for the said attacker is just icing on the cake.

You have already been told that OpenBSD does not support jails, this is because it's an extensive modification.. it touches practically every part of the system.. and nobody can guarantee that they are impenetrable or invulnerable to attack.

If you believe that jails are a requirement for your setup, then continue using FreeBSD.. but respect that privilege separation, chroot(2) and wise ass thinking is good enough for some people.
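The chroot(2)-then-drop-root startup sequence the post refers to, as an added example that is not part of the original post and not taken from any OpenBSD daemon. The function name `chroot_and_drop`, its return codes, the directory `/var/empty` and the uid/gid 32767 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* exposes chroot(2) and setgroups(2) on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Confine the calling process to `dir` and give up root for good.
 * Returns 0 on success, or a negative code naming the step that failed.
 * Order matters: chroot(2) needs root, so it comes first; the group IDs
 * go before the user ID because a non-root process cannot change groups.
 */
int chroot_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                      /* "dropping" to root drops nothing */
    if (chroot(dir) != 0)
        return -2;                      /* fails unless the caller is privileged */
    if (chdir("/") != 0)
        return -3;                      /* otherwise cwd still points outside */
    if (setgroups(1, &gid) != 0)
        return -4;                      /* clear root's supplementary groups */
    if (setgid(gid) != 0)
        return -5;
    if (setuid(uid) != 0)
        return -6;
    if (setuid(0) == 0 || setgid(0) == 0)
        return -7;                      /* root came back: the drop did not hold */
    return 0;
}

int main(void)
{
    /* Constructed values: /var/empty and uid/gid 32767 stand in for the
     * daemon's own empty directory and dedicated unprivileged account. */
    int rc = chroot_and_drop("/var/empty", 32767, 32767);
    if (rc != 0) {
        fprintf(stderr, "confinement failed at step %d, refusing to run\n", -rc);
        return 1;
    }
    puts("running chrooted and unprivileged");
    return 0;
}
```

Every return value is checked because a daemon that carries on after a failed step keeps running as root outside the chroot.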