Re: COMP: Juno Virtual Supercompuer Project

From: KPJ (kpj@sics.se)
Date: Mon Feb 05 2001 - 06:21:44 MST


It appears as if <hibbert@netcom.com> wrote:
|
|Any of you feel comfortable enough with current popular OSes to believe
|that Juno can really protect their subscribers from Juno's mistakes, Juno's
|commercial customer's mistakes, and hackers?

Under Unices one can create a small sandbox using chroot which defines a
subset of the file system as the new root. Except by a kernel routine, there
exists no known way to access anything outside that restricted file system.

I understand a program called chroot forms a part of the GNU sh-utils.

By using such a program, any user code cannot escape out of the sandbox.

Of course, if one uses any non-UN*X, like MacOS or MS-WINDOWS of some kind,
then the above method need not work.



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:05:36 MST