Date: Thu, 23 Aug 2001 22:26:22 +0400 (MSD) From: Alexey Zakirov <frank@agava.com> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: jail & security Message-ID: <Pine.BSF.4.32.0108232220370.47618-100000@hellbell.domain> In-Reply-To: <002901c12bd9$d7ecc300$45e03ac3@skif.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 23 Aug 2001, Igor Melnichuk wrote: > > jail. You can use login classes in a jail just as you can outside it. See > > login.conf(5) > > www.designcurve.net/articles/os/freebsd/doc/man/?section=&topic=login.conf > > 100% true and it works fine. But You can't restrict 'root' in case when You > have to delegate this privileges to somebody (to make customization of > apache for instance). Such user can always override 'login.conf' so this is yep. you can do it for trusted users. but you can't do it for _untrusted_ users. There is a pretty simple patch that doesn't allow change the limits inside a jail(2), but it also requires very experience to get it safe. *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.32.0108232220370.47618-100000>