Date:      Fri, 18 Dec 1998 22:41:45 -0800
From:      Don Lewis <Don.Lewis@tsc.tdk.com>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>, "Marco Molteni" <molter@tin.it>
Cc:        "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: A better explanation (was: buffer overflows and chroot)
Message-ID:  <199812190641.WAA11564@salsa.gv.tsc.tdk.com>
In-Reply-To: Poul-Henning Kamp <phk@critter.freebsd.dk> "Re: A better explanation (was: buffer overflows and chroot)" (Dec 18,  9:00pm)

On Dec 18,  9:00pm, Poul-Henning Kamp wrote:
} Subject: Re: A better explanation (was: buffer overflows and chroot)

} I have a set of patches which makes a chroot jail escape-proof.  These
} were developed under contract and will end up in FreeBSD sometime over
} the next year.  My client wants to get a head start, and that is only
} fair.

A year or so ago I implemented a more limited scheme to prevent access
to the filesystem outside the chroot area.  I'm in the process of cleaning
it up and hope to post my patches soon.

} The basic concept is that root is only root in a jail if the filesystem
} protects the rest of the system, otherwise he isn't.  For instance he
} can change the owner or modes on a file, but he cannot change IP# on
} an interface.  He can bind to a privileged TCP port, but only on the
} IP# which belongs to the jail.  And so forth.  Works pretty well.

The IP restrictions would be very handy for some of the stuff that I do.

Can a process in jail kill() a process outside jail?  Can the compartments
nest?
