Subject: Re: i386 IO access and chroot()
To: NetBSD Security Technical Discussion List <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 07/13/2001 19:43:04
[ On Friday, July 13, 2001 at 19:30:47 (-0400), Andrew Brown wrote: ]
> Subject: Re: i386 IO access and chroot()
> you should try not to say the phrase "chroot jail" because it's either
> redundant or contradictory.
> chroot(2) is the standard unix method, whereas jail(2) is a freebsd
> invention that (i believe) similar to chroot(2) in some ways, but also
> very different.
Huh? I'm not confused about chroot() vs. FreeBSD's "jail(2)". Are you?
This is, after all, <tech-security@NetBSD.ORG>....
> say chroot if you mean chroot, and say jail if you mean jail.
When I say "chroot jail" I mean an environment that's been specifically
designed as a ``jail'' to try to contain an untrusted process. It's
different from a plain call to chroot(2) which may, or may not, create a
suitable environment to be used as a ``jail''.
What gets complex is when you discuss a jail(2) gaol in FreeBSD circles
Greg A. Woods
+1 416 218-0098 VE3TCP <firstname.lastname@example.org> <email@example.com>
Planix, Inc. <firstname.lastname@example.org>; Secrets of the Weird <email@example.com>