From owner-freebsd-announce Thu Feb 3 1:18:50 2000 Delivered-To: freebsd-announce@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by builder.freebsd.org (Postfix) with ESMTP id 1ABC642C8 for ; Thu, 3 Feb 2000 01:18:46 -0800 (PST) Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id BAA49476 for ; Thu, 3 Feb 2000 01:19:00 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) To: announce@freebsd.org Subject: Mailing list search engine at www.freebsd.org down for repair. Date: Thu, 03 Feb 2000 01:18:59 -0800 Message-ID: <49472.949569539@zippy.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi all, Our primary mail server, using the special type of evil ESP abilities which all critical hardware items possess, took advantage of everyone (including our postmaster) being away at LinuxWorld in New York to exhibit the "F" in "MTBF" with respect to hard drive specifications. We have mail services running again on a backup system but it will take a little while longer until all other mail-related services (like web search) are restored. We apologize for the inconvenience and hope to have this problem fixed shortly. A situation almost exactly like this (disk hardware failure) occurred with freefall during FreeBSDCon '99, incidently, and with this second incident we've certainly gotten the message: All critical freebsd.org assets will use (hardware) RAID arrays for storage in the future and we'll begin implementing that just as soon as we return. Regards, - Jordan This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Tue Feb 8 22:23:32 2000 Delivered-To: freebsd-announce@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by builder.freebsd.org (Postfix) with ESMTP id 5AA3842AE for ; Tue, 8 Feb 2000 16:40:50 -0800 (PST) Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id QAA95515 for ; Tue, 8 Feb 2000 16:41:31 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) To: announce@freebsd.org Subject: Mail services continue to be sporadic at freebsd.org. Date: Tue, 08 Feb 2000 16:41:31 -0800 Message-ID: <95512.950056891@zippy.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Just an update to note that our postmaster is still on the road and the replacement hardware is somewhere in the ordering and shipping process, so it will be at least another week until things return to normal. Sorry for the outtage. - Jordan This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Wed Feb 9 8:31: 5 2000 Delivered-To: freebsd-announce@freebsd.org Received: from vnode.vmunix.com (vnode.vmunix.com [209.112.4.20]) by builder.freebsd.org (Postfix) with ESMTP id 9FE3740AB for ; Wed, 9 Feb 2000 08:30:42 -0800 (PST) Received: from localhost (chrisc@localhost) by vnode.vmunix.com (8.9.3/8.9.3) with ESMTP id LAA52061 for ; Wed, 9 Feb 2000 11:30:10 -0500 (EST) Date: Wed, 9 Feb 2000 11:30:10 -0500 (EST) From: Chris Coleman To: announce@freebsd.org Subject: FreeBSD Real Quick News Letter Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org FreeBSD Real-Quick(TM) NewsLetter. Things Happening in FreeBSD. Release Information: FreeBSD 3.4 is available from http://mall.daemonnews.org FreeBSD 4.0 is scheduled to be released about the end of the month. ------------------------------------------------------------------------- Buddying up to FreeBSD, Part Five February 08, 2000 This is a nice article on the FreeBSD ports collection on a linux site, aimed at linux users. MORE: http://daily.daemonnews.org/view_story.php3?story_id=599 LINK: http://www.linux.com/featured_articles/20000208/275/ ------------------------------------------------------------------------- The story on FreeBSD February 04, 2000 "FreeBSD's effectiveness depends on who you are and what you need. Whether you're a Linux hobbyist, a system administrator responsible for a building chock full of heterogeneous systems, a Web administrator, an application developer focused on Linux customers, an open source advocate, or even a department manager looking to stay on the peak of cost efficiency, this article explains what FreeBSD is and how it might contribute to your specific situation." -- LinuxWorld MORE: http://daily.daemonnews.org/view_story.php3?story_id=576 LINK: http://www.linuxworld.com/linuxworld/lw-1998-12/lw-12-freebsd.html ------------------------------------------------------------------------- VTun 2.0 package for FreeBSD and OpenBSD February 03, 2000 Released VTun 2.0 package for FreeBSD and OpenBSD. VTun is the easiest way to create Virtual Tunnels over TCP/IP networks with traffic shaping, compression, and encryption. It is a user space implementation and doesn't need modification of any kernel parts. VTun supports IP, PPP, SLIP, Ethernet and other tunnel types. VTun is easily and highly configurable, it can be used for various network tasks like VPN, Mobil IP, Shaped Internet access, IP address saving, etc. MORE: http://daily.daemonnews.org/view_story.php3?story_id=572 LINK: http://vtun.netpedia.net ------------------------------------------------------------------------- Blueprints: Software RAID for BSD: Vinum by Greg Lehey Many BSD systems have storage needs which current generation disks can't fulfill by themselves: they may want more storage, more performance or more reliability than an individual disk can provide... Read More URL: http://www.daemonnews.org/200002/vinum.html ------------------------------------------------------------------------- Contributing to BSD. I started Daemon News almost two years ago because I wasn't a programmer and I still wanted to contribute to BSD. I did make a good effort at becoming a programmer so I could contribute back to BSD. I even wrote a small PERL utility and tried to get it committed. No Luck. After much struggling, I realized that I just wasn't a programmer. When I started DN, the huge response I got told me that there are a lot of non-programmer types out there that would like to contribute to BSD also. At DN, we have a lot of not-so-techy type volunteer positions available. URL: http://staff.daemonnews.org ------------------------------------------------------------------------- FreeBSD for the SVR4/Linux Administrator February 02, 2000 Michael Lucas has written another FreeBSD article for Sys Admin, this one about some basics of administration, finding FreeBSD resources and getting help from the community. Although the author has ostensibly written it for SVR4 or Linux admins, it only mentions a few minor differences between those and BSD. Overall, it's a great introductory article for _any_ sysadmin new to FreeBSD. Michael's articles keep getting better and better. MORE: http://daily.daemonnews.org/view_story.php3?story_id=569 LINK: http://www.samag.com/current/feature.shtml ------------------------------------------------------------------------- Daemon News Mall We are trying to position ourselves as the main reseller for all BSD related items. We are off to a good start, and I think we have the basics listed. Now we need your help. We need to contact EVERYONE selling BSD merchandise and talk them into listing it with us. If everyone on this list would fire up a couple of e-mail to their favorite vendors and tell them that DN would like to resell their products, it would be great. URL: http://mall.daemonnews.org ------------------------------------------------------------------------- -Chris Coleman Daemon News Editor in Chief This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Wed Feb 9 11:32:33 2000 Delivered-To: freebsd-announce@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by builder.freebsd.org (Postfix) with ESMTP id 3677C4177 for ; Wed, 9 Feb 2000 11:32:27 -0800 (PST) Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id LAA00308 for ; Wed, 9 Feb 2000 11:33:10 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) To: announce@freebsd.org Subject: 4.0 release candidate now up for FTP - come and get it! Date: Wed, 09 Feb 2000 11:33:09 -0800 Message-ID: <304.950124789@zippy.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org We're now 21 days from the official release of 4.0 and I've just finished uploading the 4.0 release candidate I promised everyone, complete with ISO images for both the Alpha and x86 architectures (BOTH should be bootable, so Alpha people should definitely try to install directly from these ISOs if they can lay their hands on a burner and a fast Internet connection). These are true release candidates, with full XFree86 3.3.6 and package bits, and I encourage people to test the heck out of them. I'd also like to thank two people who don't get enough acknowledgement in this process: Steve Price and Satoshi Asami . They provide the precompiled packages which go into these releases and, now that the ports collection has grown past 3000 ports (largely Steve's fault again), this has become an even more significant yet still largely thankless job. Let's at least try and solve the latter problem by taking this opportunity to give them a big round of thanks! I'd also like to thank Brian McGovern's newly-formed QA team (freebsd-qa@freebsd.org) for bringing more organized quality assurance to this process. They've only just started to ramp up their operations, but already I've gotten a lot of good feedback from them and look forward to working closely with them in the future. Usual feedback and kvetching to me and/or current@freebsd.org please. We have 21 more days to round off the sharp edges with 4.0 and I strongly encourage everyone to not wait until the last minute. I will, at most, be doing only one more release candidate before 4.0 is declared officially released and it becomes a little late to fix it. For direct FTP installations, please see: ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/{i386,alpha}/4.0-20000208-CURRENT If you're looking for installable ISO images, please see: ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/ISO-IMAGES/4.0-20000208-CURRENT Thanks! - Jordan This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Fri Feb 18 5:39:29 2000 Delivered-To: freebsd-announce@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 608) id B659237B957; Fri, 18 Feb 2000 05:39:26 -0800 (PST) To: announce@freebsd.org From: Brett Glass Subject: Call for BSD Participation: O'Reilly Open Source Conference Cc: daily@daemonnews.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Calling all BSD enthusiasts: Good news! O'Reilly's Open Source Convention (http://conferences.ora.com/oscon2000/call.html), which will be held July 17-20, 2000 in Monterey, California, will have a BSD track for the first time this year. (Last year, the tracks included Linux, Perl, Apache, Python, Sendmail, Tcl, and "Business" -- a catch-all for general open source-related topics.) Interest in the BSD-related sessions will determine whether the BSD track becomes a permanent part of the conference, so we need to make a good showing if we want to be part of this event in future years. I've been asked to book speakers for this year's program. The Convention Format The convention consists of two parts: Two days of intensive "tutorials" (each lasting 3 or 6 hours) and a two-day "conference" (consisting of shorter talks of 30, 45, 60, or 90 minutes each). There will also be "birds of a feather," or BOF, sessions in the evening. Here's how each part works. The Tutorials The first two days of the convention will be filled by classes, taught by experts, which last 3 or 6 hours and cover topics in great depth. We'll have two 3-hour slots this year (we MIGHT be able to negotiate more if we get lots of killer proposals). I'd like to fill with classes on topics which reflect the BSDs' strengths -- e.g. the TCP/IP stack, file systems, security, kernel architecture, etc. Now, I realize that three hours is a long time for some of us to talk (unless, of course, you're Kirk McKusick, who can easily fill several days -- and who, I hope, will be one of our speakers). So, I'd like to encourage experts from the BSD development teams to do sessions as "tag team" efforts involving two or even three people. Presenters of the tutorials will receive a $1500 honorarium from O'Reilly per 3-hour session. They'll also be reimbursed for travel, and get free admission to the "conference" portion of the event. (If there are two or more presenters, they will split the honorarium and travel funds. However, since the honorarium is generous, everyone's expenses should be covered.) Notes for the tutorials will have to be submitted to O'Reilly in advance for duplication. Please submit proposals to oscon00proposals@oreilly.com and copy me at oscon@brettglass.com. Proposal guidelines are at http://conferences.ora.com/oscon2000/call.html. See the section of this message marked "Deadlines Approaching" about deadlines. The Conference The final two days of the convention will be a conference with 30, 45, 60, and 90-minute sessions. There will be a "plenary" session each morning, after which the conference will split into tracks. Because this is the first year that there will be a BSD track, we'll only get one quarter as much time as Linux: 270 minutes, total, to slice up as we'd like. Let's fill this time with so much good and useful information that we get a full track next year! Presenters during these two days won't get an honorarium; however, there's a travel fund which may be able to provide assistance to those traveling from afar. However, presenters WILL get into the conference for free -- a perk worth nearly $800. Again, please submit proposals to oscon00proposals@oreilly.com and copy me at oscon@brettglass.com. Proposal guidelines are at http://conferences.ora.com/oscon2000/call.html. See the section of this message marked "Deadlines Approaching" about deadlines. The BOFs In addition to the tutorials and conference sessions, we'll have a chance to do one or more BSD-related "birds of a feather," or BOF, sessions. If the BSD BOF at LinuxWorld (which completely overflowed the space reserved for it) was any indication, we can do some killer BOFs which both promote the BSDs and help to create closer ties among those within the BSD community. The contact for information about BOFs is Vee McMillen at O'Reilly; her e-mail is vee@oreilly.com. The Expo O'Reilly's Open Source Convention isn't a "trade show." The current venue, in Monterey, CA, doesn't really have space for a big show floor like the one you'd find at, say, LinuxWorld or COMDEX. However, there will be a small exhibit area for vendor booths, and non-profit organizations such as user groups and open source development teams will be offered space there for free. (Groups such as BAFUG take note!) The BSDs should be well represented in this space. The contact for exhibit hall reservations is Sadonna Cody at O'Reilly; her e-mail is sadonna@oreilly.com. Vendor Participation Vendors of commercial products -- for example, BSDI and Applix -- are welcome and in fact encouraged to help with presentations at the convention. However, since the attendees of this convention tend to have a low tolerance for vendor-specific material and sales pitches, a presentation should NOT relate exclusively to single commercial product or describe only one implementation of a particular feature or function. Deadlines Approaching O'Reilly wants to get at least a preliminary schedule for the convention together by March 1st so that they can print programs. The original deadline for submission of proposals was February 18th, but since I only got approval to do the track about a week ago I'm sure we can stretch this a little. If you're interested in speaking, contact me IMMEDIATELY at the e-mail address oscon@brettglass.com (and copy oscon00proposals@oreilly.com) even if you don't have a formal proposal fleshed out yet. That way, we'll know a proposal is coming. I'll work with O'Reilly on reasonable deadlines for the submission of outlines and notes. Please Participate! This is a fantastic opportunity to advocate and promote the fantastic technology that's part and parcel of all of the BSDs; let's not lose our chance! If you'd like to contribute, please contact me ASAP at the address oscon@brettglass.com. Hope to see you at the convention! --Brett Glass, BSD Advocate and All-Around Rabble Rouser ;-) This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Sat Feb 19 22:42:36 2000 Delivered-To: freebsd-announce@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 5426437BE84; Sat, 19 Feb 2000 22:42:28 -0800 (PST) (envelope-from security-officer@freebsd.org) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id WAA10401; Sat, 19 Feb 2000 22:42:28 -0800 (PST) (envelope-from security-officer@freebsd.org) Date: Sat, 19 Feb 2000 22:42:28 -0800 (PST) Message-Id: <200002200642.WAA10401@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: kris set sender to security-officer@freebsd.org using -f From: FreeBSD Security Officer Subject: FreeBSD Security Advisory: FreeBSD-SA-00:03.asmon Reply-To: security-officer@freebsd.org From: FreeBSD Security Officer Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:03 Security Advisory FreeBSD, Inc. Topic: Asmon/Ascpu ports fail to drop privileges Category: ports Module: asmon/ascpu Announced: 2000-02-19 Affects: Ports collection before the correction date. Corrected: 2000-01-29 FreeBSD only: yes I. Background Two optional third-party ports distributed with FreeBSD can be used to execute commands with elevated privileges, specifically setgid kmem privileges. This may lead to a local root compromise. II. Problem Description Asmon and ascpu allow users to execute arbitrary commands as part of a user configuration file. Both applications are Linux-centric as distributed by the vendor and require patching to run under FreeBSD (specifically, using the kvm interface and setgid kmem privileges to obtain system statistics); this patching was the source of the present security problem. This is a similar flaw to one found in the wmmon port, which was corrected on 1999/12/31. Note that neither utility is installed by default, nor are they "part of FreeBSD" as such: they are part of the FreeBSD ports collection, which contains over 3100 third-party applications in a ready-to-install format. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact If you have not chosen to install the asmon or ascpu ports/packages, then your system is not vulnerable. If you have, then local users can obtain setgid kmem rights, which allows them to manipulate kernel memory, and thereby compromise root. IV. Workaround Remove the asmon and ascpu ports/packages, if you have installed them. V. Solution One of the following: 1) Upgrade your entire ports collection and rebuild the asmon and/or ascpu ports. 2) Reinstall a new package obtained from: ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/sysutils/asmon-0.60.tgz ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/sysutils/ascpu-1.8.tgz after the correction date. At the time of advisory release, the asmon package was not available - you may need to use one of the other methods to update the software. 3) download a new port skeleton for the asmon and/or ascpu ports from: http://www.freebsd.org/ports/ and use it to rebuild one or both ports. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-2.0.tgz -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBOK+LsFUuHi5z0oilAQHRZAP+MC3e3NhGNTDhiL/GAQjewUS8c16ClPhj WruCd5Tu1WJA2Em8Q19Ui7vrLRLQ9aXzTocUOBd6x6/zqpM3lS1aJMwvV9BkZ59G ONh6aiM7FbWPKukW1YThKDn0Vjtc5JaDHsbJ4dVHQh/IMqZD8hqocLG4AjJDxnLj qlRyhiCr/lA= =l1gj -----END PGP SIGNATURE----- This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Sat Feb 19 22:45:56 2000 Delivered-To: freebsd-announce@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 1FF6437BDF9; Sat, 19 Feb 2000 22:45:46 -0800 (PST) (envelope-from security-officer@freebsd.org) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id WAA10607; Sat, 19 Feb 2000 22:45:45 -0800 (PST) (envelope-from security-officer@freebsd.org) Date: Sat, 19 Feb 2000 22:45:45 -0800 (PST) Message-Id: <200002200645.WAA10607@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: kris set sender to security-officer@freebsd.org using -f From: FreeBSD Security Officer Subject: FreeBSD Security Advisory: FreeBSD-SA-00:04.delegate Reply-To: security-officer@freebsd.org From: FreeBSD Security Officer Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:04 Security Advisory FreeBSD, Inc. Topic: Delegate port contains numerous buffer overflows Category: ports Module: delegate Announced: 2000-02-19 Affects: Ports collection before the correction date. Corrected: 2000-02-02 FreeBSD only: NO I. Background An optional third-party port distributed with FreeBSD contains numerous remotely-exploitable buffer overflows which allow an attacker to execute arbitrary commands on the local system, typically as the 'nobody' user. II. Problem Description Delegate is a versatile application-level proxy. Unfortunately it is written in a very insecure style, with potentially dozens of different exploitable buffer overflows (including several demonstrated ones), each of which could allow an attacker to execute arbitrary code on the delegate server. This code will run as the user ID of the 'delegated' process, typically 'nobody' in the recommended configuration, but this still represents a security risk as the attacker may be able to mount a local attack to further upgrade his or her access privileges. Note that the delegate utility is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 3100 third-party applications in a ready-to-install format. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact If you have not chosen to install the delegate port/package, then your system is not vulnerable. If you have, then local or remote users who can connect to the delegate port(s), or malicious servers which a user accesses using the delegate proxy, can potentially execute arbitrary code on your system in any number of ways. IV. Workaround Remove the delegate port/package, if you have installed it. V. Solution Unfortunately no simple fix is available - the problems with the delegate software are too endemic to be fixed by a simple patch. It is hoped the software authors will take security to heart and correct the security problems in a future version, although user caution is advised given the current state of the code. Depending on your local setup and your security threat model, using a firewall/packet filter such as ipfw(8) or ipf(8) to prevent remote users from connecting to the delegate port(s) may be enough to meet your security needs. Note that this will not prevent legitimate proxy users from attacking the delegate server, although this may not be an issue if they have a shell account on the machine anyway. Note also that this does not prevent "passive" exploits in which a user is convinced through other means into visiting a malicious server using the proxy, which may be able to compromise it by sending back invalid data. Several flaws of this type have been discovered during a brief survey of the code. If you are running FreeBSD 4.0, a possible solution might be to confine the delegate process inside a "jail" (see the jail(8) manpage). A properly configured jail will isolate the contents in their own separate "virtual machine", which can be suitably secured so that an attacker who gains control of a process running inside the jail cannot escape and gain access to the rest of the machine. Note that this is different from a traditional chroot(8), since it does not just attempt to isolate processes inside portions of the filesystem. This solution is not possible under standard FreeBSD 3.x or earlier. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBOK+NTVUuHi5z0oilAQGGnAP+NOxAOVpEUpyR0iQwNjA1Je7B4M5gOxzc NwqQKp7WBm/IzzIW23KvyPcbTld83+m2tnhdNW3srh8ESSYDaa/hhmG2AtR0LYEL H2EWTIBcPBhidquX+ihKGTSaMnMjYpmp6GVGSsBqcNFXAPGHiJ6BbsEg2k6rJSLz wgL0NJ+qkCI= =ZhXO -----END PGP SIGNATURE----- This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message