From: Poul-Henning Kamp
To: "Angelos D. Keromytis"
cc: security@FreeBSD.ORG
Subject: Re: chroot()
In-reply-to: Your message of "Fri, 10 Jul 1998 22:35:19 EDT." <199807110241.WAA21195@adk.gr>
Date: Sat, 11 Jul 1998 08:34:18 +0200
Message-ID: <2486.900138858@critter.freebsd.dk>

In message <199807110241.WAA21195@adk.gr>, "Angelos D. Keromytis" writes:

>Keep in mind that it's trivial to escape from a root shell if you have
>root (or can do certain things). chroot() is unfortunately far from
>perfect.

A FreeBSD user has paid me to strengthen the chroot() concept, and the code will go into FreeBSD when he has had time to get his money back through the use of it.

--
Poul-Henning Kamp FreeBSD coreteam member
phk@FreeBSD.ORG "Real hackers run -current on their laptop."
"ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal