From owner-freebsd-security Fri May 12 14:18:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from orion.ac.hmc.edu (Orion.AC.HMC.Edu [134.173.32.20])
    by hub.freebsd.org (Postfix) with ESMTP id 9880A37BA93
    for ; Fri, 12 May 2000 14:18:38 -0700 (PDT)
    (envelope-from brdavis@orion.ac.hmc.edu)
Received: (from brdavis@localhost)
    by orion.ac.hmc.edu (8.8.8/8.8.8) id OAA04296;
    Fri, 12 May 2000 14:18:24 -0700 (PDT)
Date: Fri, 12 May 2000 14:18:24 -0700
From: Brooks Davis
To: Cy Schubert - ITSD Open Systems Group
Cc: Patrick Bihan-Faou , freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
Message-ID: <20000512141824.A748@orion.ac.hmc.edu>
References: <0e8c01bfbc29$4432e390$040aa8c0@local.mindstep.com> <200005122049.e4CKnjU42033@cwsys.cwsent.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre4i
In-Reply-To: <200005122049.e4CKnjU42033@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, May 12, 2000 at 01:49:04PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, May 12, 2000 at 01:49:04PM -0700, Cy Schubert - ITSD Open Systems Group wrote:
> I've been, as root, able to break out of jail with the posted code on
> FreeBSD-3.3, RH 5.2 & 6.0, Solaris 2.6, and Tru64-UNIX 4.0D. I've, as
> root, not been able to break out of jail on 4.0-STABLE as of April 22,
> hence suspected that FreeBSD plugged this hole.

chroot != jail. chroot'ed programs are often described as running in
jails, but they are certainly in minimum security prisons at best. The
new jail(8) feature in FreeBSD 4.0 written by PHK and documented by Robert
Watson is an entirely different beast and it's certainly what was
suggested in the post that prompted this conversation. The very short
introduction to jail is that it's a maximum security version of chroot.
It's almost as good as a whole separate machine.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.