Date: Mon, 7 Jan 2002 12:35:32 -0600 From: "Jacques A. Vidrine" <n@nectar.cc> To: Joe Abley <jabley@automagic.org> Cc: cjclark@alum.mit.edu, Haikal Saadh <wyldephyre2@yahoo.com>, stable@FreeBSD.ORG Subject: Re: Chrooted bind out of the box Message-ID: <20020107183532.GA94047@madman.nectar.cc> In-Reply-To: <20020107090632.P95067@buffoon.automagic.org> References: <000001c195b1$db087880$41c801ca@warhawk> <20020105140846.D204@gohan.cjclark.org> <20020105222558.A95067@buffoon.automagic.org> <20020106112345.B237@gohan.cjclark.org> <20020107090632.P95067@buffoon.automagic.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 07, 2002 at 09:06:32AM -0500, Joe Abley wrote: > On Sun, Jan 06, 2002 at 11:23:45AM -0800, Crist J. Clark wrote: > > and you still need to run as > > bind:bind for chrooting to be much of a security measure. > > I will disagree with your last point... You might want to think about that some more. chroot'd or not, root can do what it wants --- such as create device nodes for your disk devices and mount them. Cheers, -- Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020107183532.GA94047>