Date: Sun, 10 Oct 1999 18:19:59 +1000 (EST) From: Darren Reed <avalon@coombs.anu.edu.au> To: jread@semiotek.com (Justin Wells) Cc: freebsd-security@FreeBSD.ORG Subject: Re: chroot jail in pre 4.0 Message-ID: <199910100819.SAA17649@cheops.anu.edu.au> In-Reply-To: <19991008170540.A1618@fever.semiotek.com> from "Justin Wells" at Oct 8, 99 05:05:40 pm
next in thread | previous in thread | raw e-mail | index | archive | help
First, if you have "nodev" as a mount option, you may find things such as /dev/null are a problem. Given your concerns about security problems with this C program, and the resluctance of people to do anything about it, perhaps what you need is for it to be stored in the chroot'd area, as a writeable image so people can corrupt that :) Another option is to have two partitions in your chroot'd area: one is mounted read-only and another is mounted read-write. The mount option of "nochroot" should be enforced by simply running as non-root. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199910100819.SAA17649>