Date: Mon, 27 Jul 1998 17:34:42 -0500 From: Jacques Vidrine <n@nectar.com> To: freebsd-security@FreeBSD.ORG Subject: Re: inetd enhancements (fwd) Message-ID: <E0z0vqs-0001ui-00@spawn.nectar.com> In-Reply-To: <199807272218.SAA14531@brain.zeus.leitch.com> References: <Pine.BSF.3.96.980727161523.8094F-100000@fledge.watson.org> <199807272218.SAA14531@brain.zeus.leitch.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- On 27 July 1998 at 18:18, woods@zeus.leitch.com (Greg A. Woods) wrote: > There's a version of this feature in NetBSD's inetd. I don't know if > it's similar to your idea or to PR#2387's, but it would be nice to see > all BSDs use the same config file interface.... Thanks for the pointer, I'll go check it out. > This is probably better done by a wrapper. Getting the chroot area set > up can be very tricky and anyone capable of doing so can easily write > the appropriate wrapper too. The reason I want to incorporate it into inetd is that so many wrappers are: #! /bin/sh /usr/sbin/chroot /my-chroot-dir /my-executable Also, by sticking the chroot() in inetd, it is easy to give up root privs after the chroot. This is not so easily done in a script after you've chroot()'d, without sticking copies of ``su'' all around, or using setuid executables. - -- Jacques Vidrine <n@nectar.com> -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNb0AgjeRhT8JRySpAQGiAAP/XdzXxhuK2C81dljGtDiC/4acHOwMsbjD SaPWtfnU9D7JxZCBKPWP1vSrHV6fCLlUdi/NL5qieqyGkYJ5nkZaIuKo3YYyhq4O FikADsVWLhrylxKsfYNHchVmm2WDrE7yb62FhQjljGL47+UmW+HP2qXaVS5PERQZ KFaD2h3CXo0= =/wVR -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0z0vqs-0001ui-00>