Subject: Re: i386 IO access and chroot()
To: NetBSD Security Technical Discussion List <>
From: Greg A. Woods <>
List: tech-security
Date: 07/13/2001 19:43:04
[ On Friday, July 13, 2001 at 19:30:47 (-0400), Andrew Brown wrote: ]
> Subject: Re: i386 IO access and chroot()
> you should try not to say the phrase "chroot jail" because it's either
> redundant or contradictory.
> chroot(2) is the standard unix method, whereas jail(2) is a freebsd
> invention that (i believe) similar to chroot(2) in some ways, but also
> very different.

Huh?  I'm not confused about chroot() vs. FreeBSD's "jail(2)".  Are you?

This is, after all, <tech-security@NetBSD.ORG>....

> say chroot if you mean chroot, and say jail if you mean jail.

When I say "chroot jail" I mean an environment that's been specifically
designed as a ``jail'' to try to contain an untrusted process.  It's
different from a plain call to chroot(2) which may, or may not, create a
suitable environment to be used as a ``jail''.

What gets complex is when you discuss a jail(2) gaol in FreeBSD circles
though....  :-)

							Greg A. Woods

+1 416 218-0098      VE3TCP      <>     <>
Planix, Inc. <>;   Secrets of the Weird <>