Date: Fri, 18 Dec 1998 20:59:03 -0800
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: "Marco Molteni" <molter@tin.it>, freebsd-security@FreeBSD.ORG
Subject: Re: A better explanation (was: buffer overflows and chroot)
Message-ID: <64700.914043543@zippy.cdrom.com>
In-Reply-To: Your message of "Fri, 18 Dec 1998 21:00:56 +0100." <11082.914011256@critter.freebsd.dk>

> The basic concept is that root is only root in a jail if the filesystem
> protects the rest of the system, otherwise he isn't. For instance he
> can change the owner or modes on a file, but he cannot change IP# on
> an interface. He can bind to a privileged TCP port, but only on the
> IP# which belongs to the jail. And so forth. Works pretty well.

I assume that this works for all devices in /dev that can either be
written to for raw access to devices or can be mmap'd for access to
various interesting parts of memory?

- Jordan