From owner-freebsd-security Mon May 31 23:13:39 1999 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id E75F8155F3 for ; Mon, 31 May 1999 23:13:35 -0700 (PDT) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id IAA18871; Tue, 1 Jun 1999 08:12:33 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Unknow User Cc: Kris Kennaway , security@FreeBSD.ORG Subject: Re: Shell Account system In-reply-to: Your message of "Mon, 31 May 1999 23:16:04 -0300." <37534264.6D29110A@tdnet.com.br.> Date: Tue, 01 Jun 1999 08:12:32 +0200 Message-ID: <18869.928217552@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Look at the jail(2) facility in -current. It severely limits the bad things people can do, without limiting the good things. In message <37534264.6D29110A@tdnet.com.br.>, Unknow User writes: >Yeah, thanks, but the system is for anyone able to pay, so, you can say >i trust nobody. > >Kris Kennaway wrote: >> >> On Mon, 31 May 1999, Joe Gleason wrote: >> >> [Snip] >> >> Good advice, but running a shell account for people who you don't really trust >> is still not a wise move for the inexperienced, and not something you can >> easily document in a webpage. UNIX security is a way of life - there are any >> number of things which the unwary can trip over which could potentially >> compromise your machine. >> >> If it's for a small group of users who you trust fairly well, you >> probably should be okay, though. > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message