I want to have a secure platform, but would not like to degrade performance
(amd64 based systems)

If everything that a user touches is in a jail (sendmail, dovecot, squid,
httpd, ...), and each jail is running at secure level 3 AND there are no
/dev/mem nor /dev/kmem devices accessible within the jail, do I still need
to mitigate unauthorised access in src.conf, prior to a build, using
WITH_RETPOLINE & WITH_KERNEL_RETPOLINE?

Part of the reason for concern is when I jexec into j1,
j1# tty
/dev/pts/8
even though there is no pts node under /dev.
j1# ls /dev/
crypto  fd      null    random  stderr  stdin   stdout  urandom zero

root is further restricted as I'm also running (most) applications with
unprivileged identities (e.g. www) where I'm leveraging
security.mac.portacl.rules.

This has been on my mind for some time, but now a decision is needed, so any
advice welcome :)
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"

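Added example, not part of the post above and not FreeBSD project code. Two of the layers the post lists are text a practitioner can check offline: the src.conf(5) knobs that decide whether the next buildworld/buildkernel actually emits retpolines, and the security.mac.portacl.rules string that decides which unprivileged identity may bind which low port. The script below parses both, so a rule set can be tested before it is loaded and a src.conf can be audited before a build. One point worth keeping in mind when weighing the original question: retpoline addresses Spectre v2 (branch target injection), a CPU speculation side channel, which jail confinement, securelevel and a hidden /dev/mem do nothing about; an unprivileged process inside a jail still shares the branch predictors with the kernel. The portacl function mirrors the documented module checks (ports above security.mac.portacl.port_high, default 1023, are not governed; root is exempt while security.mac.portacl.suser_exempt=1; otherwise a uid: or gid: rule must match) and is an approximation, not the module's code. The environment variables PORTACL_PORT_HIGH and PORTACL_SUSER_EXEMPT, the sample src.conf text and the sample rule string are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post or from FreeBSD). Both functions
# work on text passed in, so nothing here touches a live system; the sample
# inputs at the bottom are constructed.
set -f   # no pathname expansion: "set -- $line" below must not glob

# Report the state of WITH_RETPOLINE / WITH_KERNEL_RETPOLINE in a src.conf(5)
# read from stdin. Prints "userland=<yes|no> kernel=<yes|no>". Comments are
# ignored and a later WITHOUT_ line overrides an earlier WITH_ line, as the
# file is read top to bottom.
retpoline_knobs() {
    userland=no; kernel=no
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}              # drop trailing / whole-line comments
        set -- $line                  # first word is the knob, if any
        case "${1:-}" in
            WITH_RETPOLINE|WITH_RETPOLINE=*)                      userland=yes ;;
            WITHOUT_RETPOLINE|WITHOUT_RETPOLINE=*)                userland=no ;;
            WITH_KERNEL_RETPOLINE|WITH_KERNEL_RETPOLINE=*)        kernel=yes ;;
            WITHOUT_KERNEL_RETPOLINE|WITHOUT_KERNEL_RETPOLINE=*)  kernel=no ;;
        esac
    done
    echo "userland=$userland kernel=$kernel"
}

# portacl_allows RULES UID GID PROTO PORT
# Decide whether a process with uid UID and primary gid GID may bind PROTO/PORT
# under RULES, written as mac_portacl(4) expects: idtype:id:proto:port[,...].
# Returns 0 (allowed) or 1 (denied). Approximation of the module's checks:
#   - ports above port_high (sysctl security.mac.portacl.port_high, 1023 by
#     default) are not governed by the module at all;
#   - root is exempt while security.mac.portacl.suser_exempt is 1;
#   - otherwise a uid: or gid: rule for exactly this proto/port must exist.
# PORTACL_PORT_HIGH / PORTACL_SUSER_EXEMPT are this example's stand-ins for
# those two sysctls.
portacl_allows() {
    rules=$1; uid=$2; gid=$3; proto=$4; port=$5
    port_high=${PORTACL_PORT_HIGH:-1023}
    suser_exempt=${PORTACL_SUSER_EXEMPT:-1}
    [ "$port" -gt "$port_high" ] && return 0
    [ "$uid" -eq 0 ] && [ "$suser_exempt" -eq 1 ] && return 0
    rest_rules=$rules,                         # trailing comma terminates loop
    while [ -n "$rest_rules" ]; do
        rule=${rest_rules%%,*}; rest_rules=${rest_rules#*,}
        idtype=${rule%%:*}; rest=${rule#*:}
        id=${rest%%:*};     rest=${rest#*:}
        rproto=${rest%%:*}; rport=${rest#*:}
        [ "$rproto" = "$proto" ] && [ "$rport" -eq "$port" ] || continue
        case "$idtype" in
            uid) [ "$id" -eq "$uid" ] && return 0 ;;
            gid) [ "$id" -eq "$gid" ] && return 0 ;;
        esac
    done
    return 1
}

# Constructed sample src.conf: the commented knob must not count, and the last
# line switches the kernel retpoline off again despite the earlier WITH_ line.
SAMPLE_SRC_CONF='# WITH_KERNEL_RETPOLINE=   (commented out on purpose)
WITH_RETPOLINE=
WITH_KERNEL_RETPOLINE=
WITHOUT_KERNEL_RETPOLINE=   # temporarily disabled'

# Constructed rule string: www (uid 80) may bind tcp/80 and tcp/443, and any
# member of gid 80 may bind udp/514. Nothing else below 1024 is granted.
SAMPLE_RULES='uid:80:tcp:80,uid:80:tcp:443,gid:80:udp:514'

printf '%s\n' "$SAMPLE_SRC_CONF" | retpoline_knobs
for spec in '80 80 tcp 80' '80 80 tcp 22' '80 80 udp 514' \
            '1001 1001 tcp 8080' '0 0 tcp 25'; do
    set -- $spec
    if portacl_allows "$SAMPLE_RULES" "$1" "$2" "$3" "$4"; then
        echo "uid=$1 gid=$2 $3/$4: allowed"
    else
        echo "uid=$1 gid=$2 $3/$4: denied"
    fi
done
```

On a real host the same functions take live input: `retpoline_knobs < /etc/src.conf` and `portacl_allows "$(sysctl -n security.mac.portacl.rules)" 80 80 tcp 80`. Two caveats the checker does not model: a portacl grant only takes effect once the kernel's own reserved-port check is switched off with net.inet.ip.portrange.reservedlow=0 and net.inet.ip.portrange.reservedhigh=0, as mac_portacl(4) describes, and the src.conf knobs only describe the next build; they say nothing about whether the kernel currently running was built with them.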