From owner-freebsd-security  Sun Aug 16 01:09:45 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA11989
          for freebsd-security-outgoing; Sun, 16 Aug 1998 01:09:45 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id BAA11984
          for <freebsd-security@freebsd.org>; Sun, 16 Aug 1998 01:09:43 -0700 (PDT)
          (envelope-from imp@village.org)
Received: from harmony [10.0.0.6] 
	by rover.village.org with esmtp (Exim 1.71 #1)
	id 0z7xs9-0000Ac-00; Sun, 16 Aug 1998 02:09:05 -0600
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.8.8/8.8.3) with ESMTP id CAA15120; Sun, 16 Aug 1998 02:08:47 -0600 (MDT)
Message-Id: <199808160808.CAA15120@harmony.village.org>
To: Philippe Regnauld <regnauld@deepo.prosa.dk>
Subject: Re: Fwd: "Using capabilties aaginst shell code" <dps@IO.STARGATE.CO.UK> 
Cc: rotel@indigo.ie, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Sat, 15 Aug 1998 13:13:09 +0200."
		<19980815131309.14782@deepo.prosa.dk> 
References: <19980815131309.14782@deepo.prosa.dk>  <19980814123240.63855@deepo.prosa.dk> <199808142212.XAA01134@indigo.ie> 
Date: Sun, 16 Aug 1998 02:08:46 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <19980815131309.14782@deepo.prosa.dk> Philippe Regnauld writes:
: 	What do you call "making chroot secure" ?

I'd say not being able to access or make raw device nodes, should you
get root, not being able to bust out of the chroot jail with some
clever chdiring, the ability to create "secure" (low port) sockets and
likely several other holes that I'm forgetting at the moment.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message