Subject: Re: i386 IO access and chroot()
To: NetBSD Security Technical Discussion List <tech-security@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-security
Date: 07/13/2001 19:43:04
[ On Friday, July 13, 2001 at 19:30:47 (-0400), Andrew Brown wrote: ]
> Subject: Re: i386 IO access and chroot()
>
> you should try not to say the phrase "chroot jail" because it's either
> redundant or contradictory.
> 
> chroot(2) is the standard unix method, whereas jail(2) is a freebsd
> invention that (i believe) is similar to chroot(2) in some ways, but also
> very different.

Huh?  I'm not confused about chroot() vs. FreeBSD's "jail(2)".  Are you?

This is, after all, <tech-security@NetBSD.ORG>....

> say chroot if you mean chroot, and say jail if you mean jail.

When I say "chroot jail" I mean an environment that's been specifically
designed as a ``jail'' to try to contain an untrusted process.  It's
different from a plain call to chroot(2) which may, or may not, create a
suitable environment to be used as a ``jail''.

What gets complex is when you discuss a jail(2) gaol in FreeBSD circles
though....  :-)

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>     <woods@robohack.ca>
Planix, Inc. <woods@planix.com>;   Secrets of the Weird <woods@weird.com>
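The distinction Greg draws above, a deliberately built containment environment versus a bare call to chroot(2), as an added C example that is not part of the thread or of any NetBSD code; the jail directory path and the unprivileged uid/gid 65534 are assumptions:

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* A bare chroot(2): the root directory changes, but the process keeps
 * its privileges, its current directory (possibly outside the new root)
 * and every open descriptor. By itself this is not a "jail". */
int bare_chroot(const char *root)
{
    return chroot(root);
}

/* A chroot "jail" in the sense used above: the environment is entered
 * deliberately and the process then gives up the privileges it would
 * need to leave it. Returns 0 on success, -1 with errno set on failure. */
int enter_jail(const char *root, uid_t uid, gid_t gid)
{
    if (chdir(root) == -1)          /* cwd must lie inside the new root */
        return -1;
    if (chroot(root) == -1)
        return -1;
    if (chdir("/") == -1)           /* re-anchor cwd under the new root */
        return -1;
    /* Drop privileges: supplementary groups, then gid, then uid. The order
     * matters, since an unprivileged uid could no longer change the rest. */
    if (setgroups(1, &gid) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
        return -1;
    /* Verify the drop really took: regaining uid 0 must now be refused. */
    if (getuid() != uid || geteuid() != uid || setuid(0) != -1) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s jaildir\n", argv[0]);
        return 1;
    }
    /* uid/gid 65534 (nobody/nogroup on many systems) is an assumption. */
    if (enter_jail(argv[1], 65534, 65534) == -1) {
        perror("enter_jail");
        return 1;
    }
    printf("in jail as uid %ld, cwd /\n", (long)getuid());
    return 0;
}
```

Setting up the jail directory itself (a minimal, unwritable tree with only the binaries and device nodes the contained process needs) is the part "specifically designed" above and must be done before running this.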