Subject: Re: chroot jail for ftpd
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Andrew Brown <>
List: tech-kern
Date: 10/18/2001 18:44:56
>>Yes, highly verbotten.  There is another way to accomplish this.  I'll
>>take a look, but I would suggest making THAT check dependent on a sysctl
>>variable that defaults to "off".
>I already suggested the sysctl.  Problem is, this check doesnt
>acutally close the loophole Thor is worried about, unless you also
>(at a minimum) prohibit anyone from setting x bits on files on a
>filesystem mounted writable-but-noexec.

oh yeah.  there's always something.  i guess the mmap/noexec check is
the "best" solution.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."