From: Greg A. Woods (woodsweird.com)
Date: Fri Jul 13 2001 - 18:43:04 CDT

    [ On Friday, July 13, 2001 at 19:30:47 (-0400), Andrew Brown wrote: ]
    > Subject: Re: i386 IO access and chroot()
    >
    > you should try not to say the phrase "chroot jail" because it's either
    > redundant or contradictory.
    >
    > chroot(2) is the standard unix method, whereas jail(2) is a freebsd
    > invention that is (i believe) similar to chroot(2) in some ways, but also
    > very different.

    Huh? I'm not confused about chroot() vs. FreeBSD's "jail(2)". Are you?

    This is, after all, <tech-securityNetBSD.ORG>....

    > say chroot if you mean chroot, and say jail if you mean jail.

    When I say "chroot jail" I mean an environment that's been specifically
    designed as a ``jail'' to try to contain an untrusted process. It's
    different from a plain call to chroot(2) which may, or may not, create a
    suitable environment to be used as a ``jail''.

    What gets complex is when you discuss a jail(2) gaol in FreeBSD circles
    though.... :-)

    -- 
    							Greg A. Woods
    

    +1 416 218-0098 VE3TCP <gwoodsacm.org> <woodsrobohack.ca> Planix, Inc. <woodsplanix.com>; Secrets of the Weird <woodsweird.com>