1

In this 2014 blog post from an apparently anti-BSD blog, the author criticizes BSD jails for being poorly designed and therefore insecure.

The opening paragraph reads:

If you’re thinking of employing FreeBSD jails in your server environment or use them to run insecure applications, it will be good for you to reconsider those options. Jails are some of the most vulnerable phony “security” features ever put forth by fraudsters. They have been found to be even more insecure than a basic unix chroot and, worse, they even make it easier to gain control of your kernel with certain types of attacks.

The article goes on to lambast jails for having a backdoor that was installed by a control-freak developer, excessive overhead, and so on.

Obviously the author is quite biased, in my opinion pathologically so. That said, is there merit to these claims? Are BSD jails an inadequate solution for securing applications on a web server?

6
  • 1
    as usual... "adequate" depends on what you define as adequate, so your question, sadly, is based on an opinion on security that you forget to share! Commented Feb 19, 2017 at 17:17
  • I'm not sure if it makes sense to discuss anything on this blatantly anti-BSD blog. This article contains only claims but nothing which proves these claims, so parts might be completely wrong and other parts might be greatly exaggerated. I propose to close this question because we don't really want to discuss such obviously biased "information". Commented Feb 19, 2017 at 17:23
  • @SteffenUllrich the whole point of my question was to seek clarification about the claims made in the blog. Since you seem to know more about this than I do, why not just answer the question? "Too broad" and "I don't like the subject matter" are not the same thing. Commented Feb 19, 2017 at 17:24
  • @ssdecontrol: to cite from ivoras.sharanet.org/blog/tree/… where somebody did a test with 1000 jails: CPU usage is almost 0. ...So there it is - cheap, easy, low-weight virtualization that can be quickly set up and destroyed. As for security: they are much better than chroot (their predecessor), and lxc came way later (jail: 2000, lxc: 2008 according to Wikipedia). Commented Feb 19, 2017 at 17:27
  • Well, the previous blog just claimed FreeBSD is dead. Hopefully the dead FreeBSD is still a maintained OS. Some guys do not like BSD for religious reasons (BSD license is quite different from any GNU license), and the author of that seems to be one of them. This post contains neither evidence nor even constructed arguments, but only rants. IMHO here is what it only deserves: plonk. Commented Feb 19, 2017 at 22:55
