From owner-freebsd-security@FreeBSD.ORG Mon May 17 21:41:26 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 02A8B16A4CE
	for ; Mon, 17 May 2004 21:41:26 -0700 (PDT)
Received: from mail.sharmannetworks.com (mail.sharmannetworks.com [210.8.93.3])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F39A743D58
	for ; Mon, 17 May 2004 21:41:22 -0700 (PDT)
	(envelope-from freebsd@meijome.net)
Received: from meijome.net ([192.168.1.129]) by mail.sharmannetworks.com
	over TLS secured channel with Microsoft SMTPSVC(5.0.2195.5329);
	Tue, 18 May 2004 14:41:20 +1000
Message-ID: <40A993F0.2040806@meijome.net>
Date: Tue, 18 May 2004 14:41:20 +1000
From: Norberto Meijome
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en-au, en, es, es-ar
MIME-Version: 1.0
To: freebsd-security@freebsd.org
References: <4985.217.162.71.141.1084795720.squirrel@serv04.inetworx.ch> <40A8C4A9.2000705@mindspring.com>
In-Reply-To: <40A8C4A9.2000705@mindspring.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 18 May 2004 04:41:20.0323 (UTC) FILETIME=[5D686130:01C43C92]
Subject: Re: Multi-User Security
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 18 May 2004 04:41:26 -0000

Richard Coleman wrote:

> Using a chroot or a jail is the way to go if possible. If you can't use
> that, then unix permissions or ACL's is the next bet. Restricting
> commands is the most fragile solution since in many cases it can be
> subverted.

Excuse my ignorance, could you quickly tell me the difference (or point me to a good reference article/book) between chroot + jail?

Is it that a jail is always chrooted but not the other way around? Is a jail more encompassing than chroot only?

Thanks in advance,
B