Date:      Sun, 12 Jul 1998 11:32:27 +0200
From:      Poul-Henning Kamp <phk@critter.freebsd.dk>
To:        Adam Shostack <adam@homeport.org>
Cc:        angelos@dsl.cis.upenn.edu, security@FreeBSD.ORG
Subject:   Re: chroot() 
Message-ID:  <356.900235947@critter.freebsd.dk>
In-Reply-To: Your message of "Sun, 12 Jul 1998 03:35:07 EDT." <199807120735.DAA06281@homeport.org> 

>Poul-Henning Kamp wrote:
>| In message <199807110241.WAA21195@adk.gr>, "Angelos D. Keromytis" writes:
>| 
>| >Keep in mind that it's trivial to escape from a root shell if you have
>| >root (or can do certain things). chroot() is unfortunately far from
>| >perfect.
>| 
>| A FreeBSD user has paid me to strengthen the chroot() concept, and the code
>| will go into FreeBSD when he has had time to get his money back through
>| the use of it.
>
>Can you talk about what strengthening you've done?

You give them an IP# and their own root password, they can't fuck you
over except for resource contention (filling disks, hogging cpu &c).

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
"ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal
