Date: Mon, 24 Feb 1997 17:05:00 +0100 From: Poul-Henning Kamp <phk@critter.dk.tfs.com> To: Julian Assange <proff@iq.org> Cc: hackers@freebsd.org, security@freebsd.org Subject: Re: o [1997/02/01] bin/2634 rtld patches for easy creation of chroot enviroments Message-ID: <4363.856800300@critter.dk.tfs.com> In-Reply-To: Your message of "Tue, 25 Feb 1997 00:28:33 %2B1100." <199702241328.AAA10815@profane.iq.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199702241328.AAA10815@profane.iq.org>, Julian Assange writes: >plannet are you on? Earth, 3rd from the center. (Mostly harmless). >The primary reason chroot() is rarely used is because it is painful >to use. No, it's because it doesn't really offer isolation when you have networking and other non-filesystem controlled interfaces to the kernel. Once you have implemented true "virtual machine" semantics for chroot, including local /sbin/init process &c &c it will be useful. >I'm quite apalled at this conservative view, >expressed without the slightest understanding of the code involved. I have a far better understanding of the code than you have. Julian, you need to calm down and work on something different. Your proposed feature isn't the magical bullet it takes to make chroot a safe place to live. If it were I would embrace it. As it is, adding this gruesome hack doesn't really provide us with anything that improves the situation. If you think otherwise, do it on your own systems. Poul-Henning -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4363.856800300>