Subject: Re: i386 IO access and chroot()
To: NetBSD Security Technical Discussion List <>
From: Andrew Brown <>
List: tech-security
Date: 07/13/2001 22:26:30
>> you should try not to say the phrase "chroot jail" because it's either
>> redundant or contradictory.
>> chroot(2) is the standard unix method, whereas jail(2) is a freebsd
>> invention that (i believe) similar to chroot(2) in some ways, but also
>> very different.
>Huh?  I'm not confused about chroot() vs. FreeBSD's "jail(2)".  Are you?

not yet, but i might be later.

>This is, after all, <tech-security@NetBSD.ORG>....

>> say chroot if you mean chroot, and say jail if you mean jail.
>When I say "chroot jail" I mean an environment that's been specifically
>designed as a ``jail'' to try to contain an untrusted process.  It's
>different from a plain call to chroot(2) which may, or may not, create a
>suitable environment to be used as a ``jail''.

so why not say "chroot environment" as opposed to "jail environment"
or "chroot jail" (which can easily be confused with chroot/jail)?

>What gets complex is when you discuss a jail(2) gaol in FreeBSD circles
>though....  :-)

that seems to be pedantic.  :-)

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."