Subject: Re: chroot jail for ftpd
To: Thor Lancelot Simon <>
From: Andrew Brown <>
List: tech-kern
Date: 10/17/2001 22:46:47
>So, I used to build run-from-ATA-flash bastion hosts like this:  all
>filesystems with executables mounted read-only, all writable filesystems
>mounted noexec, nodev.  Seemed simple and elegant, as well as secure; if
>I ran at securelevel 2, I thought I was pretty safe.
>Fixing this would require not allowing executable mappings if the backing
>vnode weren't executable.  I think that this is actually unquestionably
>correct, but because the original Sun implementation didn't require it,
>we will get zillions of complaints from people who say that we "broke
>shared libraries".

what about not allowing executable mappings if the backing filesystem
doesn't allow it?

|-----< "CODE WARRIOR" >-----|
(Andrew Brown)
* "ah!  i see you have the internet that goes *ping*!"
* "information is power -- share the wealth."
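The rule suggested in the reply above (no executable mapping when the backing filesystem is mounted noexec) can be checked from userland on a running host. The C program below is an added example, not code from this thread or from NetBSD; the names `policy_allows`, `kernel_allows_exec_map` and `audit_path` are hypothetical, and it assumes a POSIX system that provides `fstatvfs()`.

```c
/* Added example (not from the thread): flags files on a noexec mount that the kernel still maps PROT_EXEC. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

#ifndef ST_NOEXEC   /* glibc hides it without _GNU_SOURCE; 8 is the Linux value */
#define ST_NOEXEC 8
#endif
enum verdict { V_ERROR = -1, V_OK = 0, V_GAP = 1 };

/* Rule proposed in the reply: no PROT_EXEC mapping from a noexec mount. 1 = allowed. */
int policy_allows(unsigned long mnt_flags, int prot)
{
    return !((prot & PROT_EXEC) && (mnt_flags & ST_NOEXEC));
}

/* 1 if the kernel grants a private read+exec mapping of fd, else 0. */
int kernel_allows_exec_map(int fd, size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED) return 0;
    munmap(p, len);
    return 1;
}

/* V_GAP: file is on a noexec mount, yet the kernel mapped it executable. */
enum verdict audit_path(const char *path)
{
    struct statvfs vfs;
    struct stat st;
    enum verdict v = V_ERROR;   /* also returned for empty files */
    int fd = open(path, O_RDONLY);
    if (fd < 0) return V_ERROR;
    if (fstatvfs(fd, &vfs) == 0 && fstat(fd, &st) == 0 && st.st_size > 0) {
        int granted = kernel_allows_exec_map(fd, (size_t)st.st_size);
        v = (granted && !policy_allows(vfs.f_flag, PROT_EXEC)) ? V_GAP : V_OK;
    }
    close(fd);
    return v;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %d\n", argv[i], audit_path(argv[i]));
    return 0;
}
```

Run it against files on the writable, noexec filesystems of the host; a verdict of 1 marks a file the kernel would still map executable despite the mount option.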