From owner-freebsd-questions@FreeBSD.ORG  Thu Apr  1 00:47:33 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8A98F16A4CF
	for <freebsd-questions@freebsd.org>;
	Thu,  1 Apr 2004 00:47:33 -0800 (PST)
Received: from mtaw6.prodigy.net (mtaw6.prodigy.net [64.164.98.56])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4FB9443D1F
	for <freebsd-questions@freebsd.org>;
	Thu,  1 Apr 2004 00:47:33 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: from obsecurity.dyndns.org
	(9ac703c21b099c35b8f5e98fd604ed8b@adsl-67-115-73-128.dsl.lsan03.pacbell.net
	[67.115.73.128])
	by mtaw6.prodigy.net (8.12.10/8.12.10) with ESMTP id i318kNli022334;
	Thu, 1 Apr 2004 00:46:24 -0800 (PST)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 4502752145; Thu,  1 Apr 2004 00:47:28 -0800 (PST)
Date: Thu, 1 Apr 2004 00:47:28 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Mark <admin@asarian-host.net>
Message-ID: <20040401084727.GA64863@xor.obsecurity.org>
References: <200404010802.I31823VU058374@asarian-host.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="u3/rZRmxL6MmkK24"
Content-Disposition: inline
In-Reply-To: <200404010802.I31823VU058374@asarian-host.net>
User-Agent: Mutt/1.4.2.1i
cc: freebsd-questions@freebsd.org
Subject: Re: chroot or jail?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Apr 2004 08:47:33 -0000


--u3/rZRmxL6MmkK24
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Apr 01, 2004 at 08:02:04AM +0000, Mark wrote:
> Hello,
>=20
> I am setting up a new Apache 1.3.29; and I was wondering, should I use ja=
il
> or chroot to secure it? I know root can potentially break out of chroot. =
But
> what about jail? (FreeBSD 4.9R-p3). Can you break out of a jail?

No [1], that's the point :)

Kris

[1] Modulo any implementation bugs, of course.
--u3/rZRmxL6MmkK24
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAa9cfWry0BWjoQKURAtc2AJ4339Xr6RYObDsruUetO7cTx1CtlwCfRoiB
HUYURY6zq3hSakIesTgBgTs=
=m+eK
-----END PGP SIGNATURE-----

--u3/rZRmxL6MmkK24--