From: Adam Shostack
Message-Id: <199807120735.DAA06281@homeport.org>
Subject: Re: chroot()
In-Reply-To: <2486.900138858@critter.freebsd.dk> from Poul-Henning Kamp at "Jul 11, 98 08:34:18 am"
To: phk@critter.freebsd.dk (Poul-Henning Kamp)
Date: Sun, 12 Jul 1998 03:35:07 -0400 (EDT)
Cc: angelos@dsl.cis.upenn.edu, security@FreeBSD.ORG

Poul-Henning Kamp wrote:
| In message <199807110241.WAA21195@adk.gr>, "Angelos D. Keromytis" writes:
|
| >Keep in mind that it's trivial to escape from a root shell if you have
| >root (or can do certain things). chroot() is unfortunately far from
| >perfect.
|
| A FreeBSD user has paid me to strengthen the chroot() concept, and the code
| will go into FreeBSD when he has had time to get his money back through
| the use of it.

Can you talk about what strengthening you've done?

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume