From owner-freebsd-hackers  Sun Jul 25 16:21:12 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
	by hub.freebsd.org (Postfix) with ESMTP
	id 32E8114D12; Sun, 25 Jul 1999 16:21:01 -0700 (PDT)
	(envelope-from jkb@shell6.ba.best.com)
Received: (from jkb@localhost)
	by shell6.ba.best.com (8.9.3/8.9.2/best.sh) id QAA17211;
	Sun, 25 Jul 1999 16:18:40 -0700 (PDT)
Message-ID: <19990725161839.A16546@best.com>
Date: Sun, 25 Jul 1999 16:18:39 -0700
From: "Jan B. Koum " <jkb@best.com>
To: Matthew Dillon <dillon@apollo.backplane.com>,
	Sue Blake <sue@welearn.com.au>
Cc: freebsd-hackers@FreeBSD.ORG, freebsd-doc@FreeBSD.ORG
Subject: Re: sandbox??
Mail-Followup-To: Matthew Dillon <dillon@apollo.backplane.com>,
	Sue Blake <sue@welearn.com.au>, freebsd-hackers@FreeBSD.ORG,
	freebsd-doc@FreeBSD.ORG
References: <19990726040233.E7349@welearn.com.au> <199907251836.LAA41121@apollo.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <199907251836.LAA41121@apollo.backplane.com>; from Matthew Dillon on Sun, Jul 25, 1999 at 11:36:49AM -0700
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Jul 25, 1999 at 11:36:49AM -0700, Matthew Dillon <dillon@apollo.backplane.com> wrote:
>     A sandbox is a security term.  It can mean two things:
> 
[...]
> 
>     UNIX implements two core sanboxes.  One is at the process level, and one
>     is at the userid level.
> 
>     Every UNIX process is completely firewalled off from every other UNIX
>     process.  One process can modify the address space of another.  This is
                             ^^^^

	Can not. Silly typo ;)

	BTW, I have running bind running chroot()'ed in /var/named (where
OpenBSD puts it). Can we now also put /var/named and all subdirs needed
into FreeBSD? We can also add '-t /var/named' flag into commented out
rc.conf startup for bind. I could supply more info to someone who can
commit this into the tree...

% tail /var/named/var/log/named-noise.log
25-Jul-1999 04:11:16.730 security: info: chrooted to /var/named
25-Jul-1999 04:11:16.871 security: info: group = bind
25-Jul-1999 04:11:16.872 security: info: user = bind
% ps ax | grep named
  113  ??  Is     0:00.02 /var/named/named -u bind -g bind -t /var/named



-- Yan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message