Subject: Re: i386 IO access and chroot()
To: NetBSD Security Technical Discussion List <firstname.lastname@example.org>
From: Andrew Brown <email@example.com>
Date: 07/13/2001 22:26:30
>> you should try not to say the phrase "chroot jail" because it's either
>> redundant or contradictory.
>> chroot(2) is the standard unix method, whereas jail(2) is a freebsd
>> invention that (i believe) similar to chroot(2) in some ways, but also
>> very different.
>Huh? I'm not confused about chroot() vs. FreeBSD's "jail(2)". Are you?
not yet, but i might be later.
>This is, after all, <tech-security@NetBSD.ORG>....
>> say chroot if you mean chroot, and say jail if you mean jail.
>When I say "chroot jail" I mean an environment that's been specifically
>designed as a ``jail'' to try to contain an untrusted process. It's
>different from a plain call to chroot(2) which may, or may not, create a
>suitable environment to be used as a ``jail''.
so why not say "chroot environment" as opposed to "jail environment"
or "chroot jail" (which can easily be confused with chroot/jail)?
>What gets complex is when you discuss a jail(2) gaol in FreeBSD circles
that seems to be pedantic. :-)
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."