Date: Sun, 3 Nov 1996 19:13:09 -0800 From: Don Lewis <Don.Lewis@tsc.tdk.com> To: Mikael Karpberg <karpen@ocean.campus.luth.se>, newton@communica.com.au (Mark Newton) Cc: freebsd-security@freebsd.org Subject: Re: chroot() security Message-ID: <199611040313.TAA10255@salsa.gv.ssi1.com> In-Reply-To: Mikael Karpberg <karpen@ocean.campus.luth.se> "Re: chroot() security" (Nov 3, 6:11am)
next in thread | previous in thread | raw e-mail | index | archive | help
On Nov 3, 6:11am, Mikael Karpberg wrote: } Subject: Re: chroot() security } } Why not? Make an option for it in the LINT file, and just #ifdef it? } } option SAFER_CHROOT #Warning, this might break some executables. } } Something like it, at least? } Or maybe make some sysclt or something where you can set it on a per } process basis? I've implemented something like this with a config option that adds code that disables a number of things for chroot()ed processes if a certain sysctl variable is set. I'm now glad that I can turn this off with sysctl because there have been some things that I've needed to do that I couldn't do in "safer" mode. --- Truck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611040313.TAA10255>