From owner-freebsd-hackers Sun Jul 25 11: 2: 9 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from phoenix.welearn.com.au (phoenix.welearn.com.au [139.130.44.81])
    by hub.freebsd.org (Postfix) with ESMTP id 6465514F86;
    Sun, 25 Jul 1999 11:02:01 -0700 (PDT)
    (envelope-from sue@phoenix.welearn.com.au)
Received: (from sue@localhost)
    by phoenix.welearn.com.au (8.9.3/8.9.3) id EAA19921;
    Mon, 26 Jul 1999 04:02:38 +1000 (EST)
    (envelope-from sue)
Date: Mon, 26 Jul 1999 04:02:36 +1000
From: Sue Blake
To: freebsd-hackers@freebsd.org
Cc: freebsd-doc@freebsd.org
Subject: sandbox??
Message-ID: <19990726040233.E7349@welearn.com.au>
Mail-Followup-To: freebsd-hackers@freebsd.org, freebsd-doc@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi clever people

Nobody seems to be confident about the answer to my post to -questions.
Below is the only public answer. It is typical of many private answers
I received from otherwise knowledgeable people willing to make a partial
educated guess but not willing to expose their ignorance publicly.
They're all keen to know whatever I can find out :-)

On Mon, Jul 19, 1999 at 07:58:01AM -0400, T. William Wells wrote:
> In article <19990719212431.D300@welearn.com.au>,
> Sue Blake wrote:
> : Could someone tell me what is a sandbox, what does it do, how does it
> : work, how do I use it, or where is it documented?
> : named(8) and security(8) seem to assume one already knows.
>
> It's a generic term. It refers to a restricted environment in
> which something is to be done. Exactly how a sandbox is
> implemented depends on the specific application.

As you see it is far from the complete 4-5 part answer I need.
The problem that I see is that our named.conf refers to this sandbox
thing, implies that it is actually the default method for BIND in
FreeBSD (I don't think it is though), and directs the user to man pages
which don't provide the necessary info to be able to confidently
(un)implement it.

If nobody understands how this sandbox thing works, we should change
the named.conf that we supply. If somebody does, then they or someone
who they teach (me if really necessary) needs to document it so that
anyone seriously interested can figure it out on their own (or at least
accept the defaults with confidence), and then change at least the
named.conf to point to that info.

It sounds like a good idea, worth giving people the resources to use it.

(Email cc would be appreciated)

--
Regards,
-*Sue*-