Date: Wed, 16 Dec 1998 15:55:55 +0000
From: Tony Finch <dot@dotat.at>
To: current@FreeBSD.ORG
Subject: Re: modification to exec in the kernel?
Message-ID: <E0zqJIp-0000QT-00@fanf.noc.demon.net>
In-Reply-To: <199812151650.SAA68842@greenpeace.grondar.za>
References: <19981215120357.B11837@clear.co.nz> <199812142331.RAA17203@home.dragondata.com> <19981215124818.A22526@clear.co.nz> <199812150644.IAA67338@greenpeace.grondar.za> <199812150917.BAA52694@apollo.backplane.com> <19981216053701.B27078@clear.co.nz> <19981216053701.B27078@clear.co.nz>

Mark Murray <mark@grondar.za> wrote:
>Joe Abley wrote:
>> So how is this more dangerous than a non-chrooted environment? Surely it
>> is _as_ safe - but with the added control that the user sees an appropriate
>> subset of the entire filesystem that is controlled, regardless of what the
>> system as a whole needs to have installed in order to function?
>
>You give the user Perl5, you may as well give them a C compiler.
>They'll have full access to sockets etc. Who knows what nasty
>attacks they can launch against you from inside your own network.

I think some sort of firewalling is the answer here.

>Given that the chroot'ed environment is "sanitised", it becomes
>easy to control (within its limits) and understand. I am not
>proposing security-by-obscurity here, just that you either make it
>"UNIX" and go with that warts-and-all (security patrols necessary),
>or make it tighter than a mouse's arse (and non-useful to
>scriptwriters).

Depends on the script -- if the only executable you allow the users
access to is perl it's still a useful environment.

Tony.
-- 
f.a.n.finch.523654357374743743747333764375697569700 fanf@demon.net dot@dotat.at