Date: Sun, 13 Mar 2005 14:00:42 +0300 From: Denis Shaposhnikov <dsh@vlink.ru> To: Frank Knobbe <frank@knobbe.us> Cc: security@revolutionsp.com Subject: Re: Idea about 'skeleton jail Message-ID: <87d5u33j51.fsf@neva.vlink.ru> In-Reply-To: <1110689557.890.73.camel@localhost> (Frank Knobbe's message of "Sat, 12 Mar 2005 22:52:37 -0600") References: <1107178792.613.22.camel@spirit> <20050131161006.GD60177@obiwan.tataz.chchile.org> <51723.81.84.175.77.1107199764.squirrel@81.84.175.77> <1110689557.890.73.camel@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Frank" == Frank Knobbe <frank@knobbe.us> writes: Frank> If you nullfs these directories, you loose the ability to Frank> prune the jail. Pruning is part of system hardening. I'd May be it's better to use unionfs, so anybody can replace binaries with their stub version pre jail. -- DSS5-RIPE DSS-RIPN 2:550/5068@fidonet 2:550/5069@fidonet mailto:dsh@vlink.ru http://neva.vlink.ru/~dsh/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87d5u33j51.fsf>