Date: Tue, 18 May 2004 01:35:27 -0700 From: Gregory Sutter <gsutter@zer0.org> To: Norberto Meijome <freebsd@meijome.net> Cc: freebsd-security@freebsd.org Subject: Re: Multi-User Security Message-ID: <20040518083527.GE73800@klapaucius.zer0.org> In-Reply-To: <40A993F0.2040806@meijome.net> References: <4985.217.162.71.141.1084795720.squirrel@serv04.inetworx.ch> <40A8C4A9.2000705@mindspring.com> <40A993F0.2040806@meijome.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--7CZp05NP8/gJM8Cl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2004-05-18 14:41 +1000, Norberto Meijome <freebsd@meijome.net> wrote: > Richard Coleman wrote: >=20 > >Using a chroot or a jail is the way to go if possible. If you can't use= =20 > >that, then unix permissions or ACL's is the next bet. Restricting=20 > >commands is the most fragile solution since in many cases it can be=20 > >subverted. >=20 > Excuse my ignorance, could you quickly tell me the difference (or point= =20 > me to a good reference article/book) between chroot + jail? > is it that a jail is always chrooted but not the other way around? > is a jail more encompassing than chroot only? If you had typed "freebsd jail" into Google, this paper would have been the first of several hundred useful links. The answer to your question is in its introduction. http://docs.freebsd.org/44doc/papers/jail/jail.html Greg --=20 Gregory S. Sutter Was Jimi's modem a Purple Hayes? mailto:gsutter@zer0.org=20 http://zer0.org/~gsutter/=20 --7CZp05NP8/gJM8Cl Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- iD8DBQFAqcrPIBUx1YRd/t0RAjBVAKCK7VHyRRiOu/9OAS2Pw7kW8wXp+wCfegz6 oAfwPZEqXodpUSJzc64kD54= =GL/a -----END PGP SIGNATURE----- --7CZp05NP8/gJM8Cl--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040518083527.GE73800>