Date: Thu, 15 Dec 2005 22:23:38 -0500 From: Kris Kennaway <kris@obsecurity.org> To: Dieter <freebsd@sopwith.solgatos.com> Cc: freebsd-questions@freebsd.org Subject: Re: chroot and /dev Message-ID: <20051216032338.GA41927@xor.obsecurity.org> In-Reply-To: <200512160318.DAA13843@sopwith.solgatos.com> References: <200512160318.DAA13843@sopwith.solgatos.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--tThc/1wpZn/ma/RB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 15, 2005 at 07:18:11PM +0000, Dieter wrote: > How does one provide one or two devices, e.g. /dev/null > for a chroot environment? >=20 > Device nodes created by mknod do not work. >=20 > mount_devfs creates an entire device tree, negating > the security of the chroot. See the jail manpage (jail is better than chroot if security is your goal). Kris --tThc/1wpZn/ma/RB Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDojM5Wry0BWjoQKURAksoAJ4t04Ee5iO90JPClcSqeavGyouNlwCg3f5k KO79Zcpnj41AGf/BqnFwpzw= =dkXg -----END PGP SIGNATURE----- --tThc/1wpZn/ma/RB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051216032338.GA41927>