From owner-freebsd-security  Mon Nov  4 10:44:44 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA12962
          for security-outgoing; Mon, 4 Nov 1996 10:44:44 -0800 (PST)
Received: from itchy.atlas.com ([206.29.170.246])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA12954
          for <freebsd-security@FreeBSD.org>; Mon, 4 Nov 1996 10:44:40 -0800 (PST)
Received: (from brantk@localhost) by itchy.atlas.com (8.8.0/8.8.0) id KAA15255; Mon, 4 Nov 1996 10:45:38 -0800 (PST)
From: Brant Katkansky <brantk@atlas.com>
Message-Id: <199611041845.KAA15255@itchy.atlas.com>
Subject: Re: chroot() security
To: newton@communica.com.au (Mark Newton)
Date: Mon, 4 Nov 1996 10:45:37 -0800 (PST)
Cc: Don.Lewis@tsc.tdk.com, marcs@znep.com, dev@trifecta.com,
        freebsd-security@FreeBSD.org
In-Reply-To: <9611021806.AA19481@communica.com.au> from Mark Newton at "Nov 3, 96 04:36:41 am"
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

> Note that I'm not suggesting this as something that should be added to
> FreeBSD per se;  Rather, I'm suggesting that users of FreeBSD in security-
> critical environments can benefit from having kernel sources by taking
> the opportunity to "harden" their kernel.

How 'bout making it a compile-time option?

-- Brant Katkansky (brantk@atlas.com)
   Software Engineer, ADC