|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Pat Lashley (patl+freebsd
volant.org)Date: Fri Jun 28 2002 - 20:34:04 CDT
--On Saturday, June 29, 2002 12:28:35 AM +0200 Poul-Henning Kamp=20
<phkcritter.freebsd.dk> wrote:
> In message <2849830000.1025137373mccaffrey.phoenix.volant.org>, Pat
> Lashley wr ites:
>>
>> --On Wednesday, June 26, 2002 09:07:36 PM +0200 Poul-Henning Kamp=3D20
>> <phkcritter.freebsd.dk> wrote:
>>
>>> Which reminds me that we should really tweak the code and put it in a
>>> jail instead of a chroot.
>>
>> Careful there. Some of us are using SSH to log into jails running
>> virtual hosting environments. The default installation needs to be able
>> to run if it is already within a jail when sshd is started.
>
> You could just fall back to chroot(2) if jail(2) failed.
My point is that the DEFAULT installation and configuration must Do
The Right Thing whether it is run in a jail or in the main server
environment. An acceptable solution would be a startup script which
was either smart enough to recognize when it is running in a jail,
or which implements a chroot fallback if the attempt to jail the sshd
fails.
-Pat
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]