Date: Sun, 25 Jul 1999 16:18:39 -0700 From: "Jan B. Koum " <jkb@best.com> To: Matthew Dillon <dillon@apollo.backplane.com>, Sue Blake <sue@welearn.com.au> Cc: freebsd-hackers@FreeBSD.ORG, freebsd-doc@FreeBSD.ORG Subject: Re: sandbox?? Message-ID: <19990725161839.A16546@best.com> In-Reply-To: <199907251836.LAA41121@apollo.backplane.com>; from Matthew Dillon on Sun, Jul 25, 1999 at 11:36:49AM -0700 References: <19990726040233.E7349@welearn.com.au> <199907251836.LAA41121@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jul 25, 1999 at 11:36:49AM -0700, Matthew Dillon <dillon@apollo.backplane.com> wrote:
> A sandbox is a security term. It can mean two things:
>
[...]
>
> UNIX implements two core sanboxes. One is at the process level, and one
> is at the userid level.
>
> Every UNIX process is completely firewalled off from every other UNIX
> process. One process can modify the address space of another. This is
^^^^
Can not. Silly typo ;)
BTW, I have running bind running chroot()'ed in /var/named (where
OpenBSD puts it). Can we now also put /var/named and all subdirs needed
into FreeBSD? We can also add '-t /var/named' flag into commented out
rc.conf startup for bind. I could supply more info to someone who can
commit this into the tree...
% tail /var/named/var/log/named-noise.log
25-Jul-1999 04:11:16.730 security: info: chrooted to /var/named
25-Jul-1999 04:11:16.871 security: info: group = bind
25-Jul-1999 04:11:16.872 security: info: user = bind
% ps ax | grep named
113 ?? Is 0:00.02 /var/named/named -u bind -g bind -t /var/named
-- Yan
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990725161839.A16546>