From owner-freebsd-security Mon Jul 27 15:35:41 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA26382 for freebsd-security-outgoing; Mon, 27 Jul 1998 15:35:41 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from spawn.nectar.com (spawn.nectar.com [204.27.67.86]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA26330 for ; Mon, 27 Jul 1998 15:35:17 -0700 (PDT) (envelope-from nectar@spawn.nectar.com) Received: from localhost.nectar.com ([127.0.0.1] helo=spawn.nectar.com) by spawn.nectar.com with esmtp (Exim 1.92 #1) for freebsd-security@FreeBSD.ORG id 0z0vqs-0001ui-00; Mon, 27 Jul 1998 17:34:42 -0500 X-Mailer: exmh version 2.0.2 2/24/98 X-PGP-RSAfprint: 00 F9 E6 A2 C5 4D 0A 76 26 8B 8B 57 73 D0 DE EE X-PGP-RSAkey: http://www.nectar.com/nectar-pgp262.txt From: Jacques Vidrine In-reply-to: <199807272218.SAA14531@brain.zeus.leitch.com> References: <199807272218.SAA14531@brain.zeus.leitch.com> Subject: Re: inetd enhancements (fwd) To: freebsd-security@FreeBSD.ORG Date: Mon, 27 Jul 1998 17:34:42 -0500 Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- On 27 July 1998 at 18:18, woods@zeus.leitch.com (Greg A. Woods) wrote: > There's a version of this feature in NetBSD's inetd. I don't know if > it's similar to your idea or to PR#2387's, but it would be nice to see > all BSDs use the same config file interface.... Thanks for the pointer, I'll go check it out. > This is probably better done by a wrapper. Getting the chroot area set > up can be very tricky and anyone capable of doing so can easily write > the appropriate wrapper too. The reason I want to incorporate it into inetd is that so many wrappers are: #! /bin/sh /usr/sbin/chroot /my-chroot-dir /my-executable Also, by sticking the chroot() in inetd, it is easy to give up root privs after the chroot. This is not so easily done in a script after you've chroot()'d, without sticking copies of ``su'' all around, or using setuid executables. - -- Jacques Vidrine -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNb0AgjeRhT8JRySpAQGiAAP/XdzXxhuK2C81dljGtDiC/4acHOwMsbjD SaPWtfnU9D7JxZCBKPWP1vSrHV6fCLlUdi/NL5qieqyGkYJ5nkZaIuKo3YYyhq4O FikADsVWLhrylxKsfYNHchVmm2WDrE7yb62FhQjljGL47+UmW+HP2qXaVS5PERQZ KFaD2h3CXo0= =/wVR -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message