Date: Mon, 27 Jul 1998 19:08:09 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: n@nectar.com (Jacques Vidrine)
Cc: hackers@FreeBSD.ORG
Subject: Re: inetd enhancements
Message-ID: <199807271908.MAA23572@usr02.primenet.com>
In-Reply-To: <E0z0qwG-0007Xx-00@spawn.nectar.com> from "Jacques Vidrine" at Jul 27, 98 12:19:56 pm

> I'd like to add some functionality to inetd. The two features
> needed are:

I like the idea; I'd like more information on the implementation
(a 50,000 foot view)...

> * binding selected services to a particular interface

Do you do this by adding an "interface list" field?

> * chroot'ing before exec'ing the service

Do you run as other-than-root before you do this? Root can escape
a chroot jail because of the way the chroot root vnode is (in my
opinion) incorrectly set to NULL instead of the real root for the
non-chroot case (fixing this would incidentally simplify the namei
code).

The "ftpd" case is especially vulnerable...

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
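
The ordering the reply asks about (chroot first, then give up root before exec'ing the service), written out as an added example; it is not part of the original message and not inetd's code. struct jail_cfg, jail_cfg_check and jail_enter are hypothetical names, and the path and ids in main() are constructed sample values.

```c
#include <sys/types.h>
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

struct jail_cfg {            /* hypothetical per-service settings */
    const char *root;        /* directory to chroot into */
    uid_t uid;               /* unprivileged user the service runs as */
    gid_t gid;               /* unprivileged group the service runs as */
};

/* Refuse configurations that would leave root inside the jail. */
int jail_cfg_check(const struct jail_cfg *c)
{
    if (c == NULL || c->root == NULL || c->root[0] != '/')
        return -EINVAL;               /* need an absolute jail path */
    if (c->uid == 0 || c->gid == 0)
        return -EPERM;                /* root can leave a chroot */
    return 0;
}

/* Call as root in the child, before exec. Returns 0 or a negative
 * errno value; on any failure the caller must not exec the service. */
int jail_enter(const struct jail_cfg *c)
{
    int rc = jail_cfg_check(c);
    if (rc != 0)
        return rc;
    if (chroot(c->root) != 0 || chdir("/") != 0)
        return -errno;                /* chdir: leave no cwd outside */
    if (setgroups(1, &c->gid) != 0)   /* drop supplementary groups */
        return -errno;
    if (setgid(c->gid) != 0 || setuid(c->uid) != 0)
        return -errno;                /* group first, then user */
    if (setuid(0) == 0 || getuid() == 0 || geteuid() == 0)
        return -EPERM;                /* root must not be recoverable */
    return 0;
}

int main(void)
{
    struct jail_cfg bad  = { "/var/empty", 0, 0 };        /* constructed */
    struct jail_cfg good = { "/var/empty", 1001, 1001 };  /* constructed */
    printf("root cfg -> %d, unprivileged cfg -> %d\n",
           jail_cfg_check(&bad), jail_cfg_check(&good));
    return 0;
}
```

Directory descriptors inherited from the parent stay valid across chroot, so the caller should close them before calling jail_enter.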