Date: Fri, 12 May 2000 14:18:24 -0700
From: Brooks Davis <brooks@one-eyed-alien.net>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: Patrick Bihan-Faou <patrick@mindstep.com>, freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
Message-ID: <20000512141824.A748@orion.ac.hmc.edu>
In-Reply-To: <200005122049.e4CKnjU42033@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, May 12, 2000 at 01:49:04PM -0700
References: <0e8c01bfbc29$4432e390$040aa8c0@local.mindstep.com> <200005122049.e4CKnjU42033@cwsys.cwsent.com>

On Fri, May 12, 2000 at 01:49:04PM -0700, Cy Schubert - ITSD Open Systems Group wrote:
> I've been, as root, able to break out of jail with the posted code on
> FreeBSD-3.3, RH 5.2 & 6.0, Solaris 2.6, and Tru64-UNIX 4.0D. I've, as
> root, not been able to break out of jail on 4.0-STABLE as of April 22,
> hence suspected that FreeBSD plugged this hole.

chroot != jail. chroot'ed programs are often described as running in
jails, but they are certainly in minimum security prisons at best. The
new jail(8) feature in FreeBSD 4.0 written by PHK and documented by Robert
Watson is an entirely different beast and it's certainly what was
suggested in the post that prompted this conversation.

The very short introduction to jail is that it's a maximum security
version of chroot. It's almost as good as a whole separate machine.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.