From owner-freebsd-stable Mon Jan 7 10:35:59 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 00C5B37B41C for ; Mon, 7 Jan 2002 10:35:34 -0800 (PST)
Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 6A27734; Mon, 7 Jan 2002 12:35:33 -0600 (CST)
Received: (from nectar@localhost) by madman.nectar.cc (8.11.6/8.11.6) id g07IZWs07627; Mon, 7 Jan 2002 12:35:32 -0600 (CST) (envelope-from nectar)
Date: Mon, 7 Jan 2002 12:35:32 -0600
From: "Jacques A. Vidrine"
To: Joe Abley
Cc: cjclark@alum.mit.edu, Haikal Saadh, stable@FreeBSD.ORG
Subject: Re: Chrooted bind out of the box
Message-ID: <20020107183532.GA94047@madman.nectar.cc>
References: <000001c195b1$db087880$41c801ca@warhawk> <20020105140846.D204@gohan.cjclark.org> <20020105222558.A95067@buffoon.automagic.org> <20020106112345.B237@gohan.cjclark.org> <20020107090632.P95067@buffoon.automagic.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020107090632.P95067@buffoon.automagic.org>
User-Agent: Mutt/1.3.25i
X-Url: http://www.nectar.cc/
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Mon, Jan 07, 2002 at 09:06:32AM -0500, Joe Abley wrote:
> On Sun, Jan 06, 2002 at 11:23:45AM -0800, Crist J. Clark wrote:
> > and you still need to run as
> > bind:bind for chrooting to be much of a security measure.
>
> I will disagree with your last point...

You might want to think about that some more. chroot'd or not, root
can do what it wants --- such as create device nodes for your disk
devices and mount them.

Cheers,
--
Jacques A. Vidrine http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se
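
The condition debated in this thread, a chrooted named that still runs as root, can be checked from a process listing. The script below is an added example, not part of the original message or of FreeBSD; the function names, verdict labels and sample lines are constructed, and it assumes input shaped like `ps -axo user,pid,command` with named's `-t` flag selecting the chroot directory.

```shell
#!/bin/sh
# Added example: audit named processes for "chrooted but still root".

# classify_named OWNER [named args...]  ->  prints WEAK, ROOT, OK or NOCHROOT
classify_named() {
    owner=$1; shift
    chroot_dir=""
    while [ $# -gt 0 ]; do
        case $1 in
            -t)   [ $# -ge 2 ] || break      # -t given without a directory
                  chroot_dir=$2; shift ;;
            -t?*) chroot_dir=${1#-t} ;;      # attached form: -t/var/named
        esac
        shift
    done
    case $owner in
        root|0) if [ -n "$chroot_dir" ]; then echo WEAK; else echo ROOT; fi ;;
        *)      if [ -n "$chroot_dir" ]; then echo OK; else echo NOCHROOT; fi ;;
    esac
}

# audit_named: reads "USER PID COMMAND [ARGS...]" lines on stdin and prints
# one verdict line per named process; other processes are ignored.
audit_named() {
    while read -r owner pid cmd args; do
        case ${cmd##*/} in
            named) ;;
            *) continue ;;
        esac
        set -f                               # no globbing while splitting args
        verdict=$(classify_named "$owner" $args)
        set +f
        printf '%s pid=%s user=%s\n' "$verdict" "$pid" "$owner"
    done
}

# Constructed sample listing (not captured from a real host).
sample_ps() {
    cat <<'EOF'
root  213 /usr/sbin/named -t /var/named
bind  305 /usr/sbin/named -u bind -g bind -t /var/named
root  412 /usr/sbin/named
root  118 /usr/sbin/syslogd -s
EOF
}

sample_ps | audit_named
```

WEAK marks the case the reply warns about: the chroot is in place, but the process still holds root inside it.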