[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chroot() break

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: chroot() break
From: "Dr. Evil" <drevil_(_at_)_sidereal_(_dot_)_kz>
Date: 27 May 2001 08:58:13 -0000
Cc:

> I'd note that "jail is in principle a good idea, but hard to do and not worth
> developer time at the moment" would also be convincing.  But when we see
> FreeBSD create what looks like a stronger chroot, and we ask why OpenBSD
> doesn't copy this stronger chroot, especially as OpenBSD has no objection to
> using chroot itself, then asserting that jail doesn't do any good isn't
> convincing.  

Things like jail and chroot are just subsets of the full power of a
Trusted system.  I personally think that OpenBSD is right to not
bother with jail, etc.  Either we should go all the way with a trusted
system, or we should just stick with plain old Unix.

I'm following the TrustedBSD project (www.trustedbsd.org) and also the
eros project (www.eros-os.org) closely, because I think this kind of
thing is the next step in security.  If you could combine these new
security designs with OpenBSD's incredible code quality, wow.

References:
- Re: chroot() break
  - From: Uwe Ohse
- Re: chroot() break
  - From: Damien Sullivan

Prev by Date: Re: Disabling Root Access
Next by Date: Alpha and Sun
Previous by thread: Re: chroot() break
Next by thread: RE: ports
Index(es):
- Date
- Thread

Visit your host, monkey.org