From owner-freebsd-isp  Thu Jul 27  5:30:29 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194])
	by hub.freebsd.org (Postfix) with ESMTP id 41C8A37C1EE
	for <freebsd-isp@freebsd.org>; Thu, 27 Jul 2000 05:29:52 -0700 (PDT)
	(envelope-from nbm@sunesi.net)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1)
	id 13Hmmo-000BzN-00; Thu, 27 Jul 2000 14:29:14 +0200
Date: Thu, 27 Jul 2000 14:29:14 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: "Forrest W. Christian" <forrestc@imach.com>
Cc: "chem@i-p-d.nl" <chem@i-p-d.nl>,
	Kenn Martin <kmartin@infoteam.com>, freebsd-isp@FreeBSD.ORG
Subject: Re: limiting telnet-users
Message-ID: <20000727142913.A46061@mithrandr.moria.org>
References: <200007270728.JAA09013@ns1.i-p-d.nl> <Pine.BSF.4.21.0007270048130.11446-100000@workhorse.iMach.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <Pine.BSF.4.21.0007270048130.11446-100000@workhorse.iMach.com>; from forrestc@imach.com on Thu, Jul 27, 2000 at 12:58:24AM -0600
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu 2000-07-27 (00:58), Forrest W. Christian wrote:
> About the only way to confine users to their own little private world is
> chroot.   Period.

ITYM jail(2).

> Chroots are SIGIFICANTLY more difficult to break out of.

There have been, and are still, ways to get out of chroot.  See 'sysctl
kern.chroot_allow_open_directories', for one.

Neil
-- 
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message