Date: Thu, 9 Nov 2006 10:22:59 +0000 From: "mal content" <artifact.one@googlemail.com> To: "Luke Crawford" <lsc@prgmr.com> Cc: Lowell Gilbert <freebsd-security-local@be-well.ilk.org>, freebsd-security@freebsd.org Subject: Re: Sandboxing Message-ID: <8e96a0b90611090222x5ec3be4bwa5019ed14aaa52a8@mail.gmail.com> In-Reply-To: <Pine.NEB.4.64.0611090039130.15626@luke.xen.prgmr.com> References: <8e96a0b90611080439n558022edj79febf458494ef6e@mail.gmail.com> <8e96a0b90611080441t2b486637ya10acd5a1dd77690@mail.gmail.com> <44irhq6ngd.fsf@be-well.ilk.org> <20061108142306.GA64711@owl.midgard.homeip.net> <8e96a0b90611082359jbc85b37kad6109a0aa87598@mail.gmail.com> <Pine.NEB.4.64.0611090005540.15626@luke.xen.prgmr.com> <8e96a0b90611090017x5375ed18jf3748c685ce8d2a6@mail.gmail.com> <Pine.NEB.4.64.0611090039130.15626@luke.xen.prgmr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 09/11/06, Luke Crawford <lsc@prgmr.com> wrote: > jail is the best sandbox FreeBSD has; if that's to heavy, simply run it > setuid to another user that doesn't have permission to anything- it's not > as good of a sandbox, but it's lightweight. > Of course there is another problem with this approach: a different UID isn't allowed to connect to :0.0 on the X server under the FreeBSD default security settings for X. MC
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8e96a0b90611090222x5ec3be4bwa5019ed14aaa52a8>