View Single Post
Old 21st March 2009
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

Logical Domains are an architectural feature of some UltraSPARC systems, basically a hardware assisted virtualization.. totally unrelated to this chroot/sysjail discussion.

As mentioned by jggimi, sysjail was an effort to create a FreeBSD jail-like environment for OpenBSD/NetBSD using existing frameworks, chroot(2) and systrace(4).

A long standing assumption has been that systrace is completely secure, it clearly isn't.. but it can be used for temporarily restricting access to specific system calls and resources.

For example, it might stop an evil program for doing evil things.. presuming the program isn't aware of a systrace vulnerability.

Quote:
Originally Posted by http://sysjail.bsd.lv/
IMPORTANT: Due to handling semantics of user/kernel memory in concurrent environments, the sysjail tools, in inheriting from systrace(4), are vulnerable to exploitation. Details available here. Many thanks to Robert Watson for discovering these issues! Until these problems have been addressed, we do not recommend using sysjail (or any systrace(4) tools, including systrace(1)) for security purposes. sysjail is no longer maintained.
That said, it is still part of the OpenBSD base system.. and many others.. it can still be useful in some situations.. depending on how you use it.

FreeBSD jails have a lot of kernel support, the architecture is different.. presumably this is all documented if you're willing to search for it.

http://en.wikipedia.org/wiki/FreeBSD_jail
http://en.wikipedia.org/wiki/Systrace
http://sysjail.bsd.lv/

I hope that clears some things up, UltraSPARC LDOMS are a possibly similar but different topic.
Reply With Quote