Date: Fri, 30 Dec 2011 01:30:38 +0400 From: Andrey Chernov <ache@FreeBSD.ORG> To: John Baldwin <jhb@FreeBSD.ORG> Cc: freebsd-security@FreeBSD.ORG, Doug Barton <dougb@FreeBSD.ORG>, d@delphij.net Subject: Re: svn commit: r228843 - head/contrib/telnet/libtelnet head/crypto/heimdal/appl/telnet/libtelnet head/include head/lib/libc/gen head/lib/libc/iconv head/lib/libc/include head/lib/libc/net head/libexec... Message-ID: <20111229213038.GA69220@vniz.net> In-Reply-To: <201112291617.05113.jhb@freebsd.org> References: <201112231500.pBNF0c0O071712@svn.freebsd.org> <201112291435.03493.jhb@freebsd.org> <4EFCCDDF.5080602@delphij.net> <201112291617.05113.jhb@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 29, 2011 at 04:17:04PM -0500, John Baldwin wrote: > Presumably one could do a static ls. Even with the built-in ls we > create a dummy passwd/group file for the anonymous chroot by default. > I agree a built-in ls is strictly better, however. I would also be > fine with removing all notion of execv for helper programs from ftpd > and have it only ever use the built-in ls via ftpd_popen(). Don't think about our ftpd only. Other ones calls date(1), tar(1), etc. > However, > I do think that this mostly falls down to creating "safe" chroot / jail > areas rather than the OS being able to defend unsafe areas. I agree. We can describe safe way better in our documentation, but can't prevent foot shooting without penalty for "good" admins. Bad example is M$ Windows which tries to prevent foot shooting from _inside_ the system by greedy and annoying permanent antivirus monitoring. -- http://ache.vniz.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111229213038.GA69220>