From owner-freebsd-security  Fri Oct  8 14:16:33 1999
Delivered-To: freebsd-security@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131])
	by hub.freebsd.org (Postfix) with ESMTP id 295F314F3F
	for <freebsd-security@FreeBSD.ORG>; Fri,  8 Oct 1999 14:16:29 -0700 (PDT)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id XAA05270;
	Fri, 8 Oct 1999 23:15:38 +0200 (CEST)
	(envelope-from phk@critter.freebsd.dk)
To: Justin Wells <jread@semiotek.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: more on chroot: "nochroot" filesystems 
In-reply-to: Your message of "Fri, 08 Oct 1999 17:12:37 EDT."
             <19991008171237.B1618@fever.semiotek.com> 
Date: Fri, 08 Oct 1999 23:15:38 +0200
Message-ID: <5268.939417338@critter.freebsd.dk>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <19991008171237.B1618@fever.semiotek.com>, Justin Wells writes:

>This defeats the "cd ../../../../../.. ; chroot ." trick, and many others.

I've tried hard to plug all escapes from chroot/jail in -current.  You
may want to consider a back port of some of those changes.

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message