Delivered-To: freebsd-newbies@freebsd.org
From: Ørjan W Tønder
To: "David Oleszkiewicz"
Subject: Re: tested the jail command....
Date: Wed, 17 Oct 2001 17:58:31 +0200

Thanks :) Didn't need that like eighteen times anyway :/

jail is supposed to make a virtual machine inside the machine I have running, and make the system more secure against h4x0rz, so when a hacker tries to root the system the h4x0r only roots the jail system and not the real system ...

The problem is that I can't understand how to build the world for that new system.

----- Original Message -----
From: "David Oleszkiewicz"
To: "Ørjan W Tønder"
Sent: Wednesday, October 17, 2001 17:23
Subject: Re: tested the jail command....

> I don't know much about the jails, but I thought the idea was that you
> make a /var/jail dir and then you chmod 000 it. This means that the
> application can't write or read any files and especially can't make new
> ones. My impression was that you run some daemon there that doesn't need
> to open or close any new files. So the daemon opens the files it needs
> and then chdir()'s to the jail directory and the idea is that it can't
> hurt the system in any way if someone tries to exploit some buffer overflow
> bug. I'm not sure if some of this applies to what you are trying to do,
> but it would seem to coincide with things not working or being created.
>
> dave