Subject: Re: chroot jail for ftpd
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Andrew Brown <email@example.com>
Date: 10/18/2001 18:44:56
>>Yes, highly verbotten. There is another way to accomplish this. I'll
>>take a look, but I would suggest making THAT check dependent on a sysctl
>>variable that defaults to "off".
>I already suggested the sysctl. Problem is, this check doesnt
>acutally close the loophole Thor is worried about, unless you also
>(at a minimum) prohibit anyone from setting x bits on files on a
>filesystem mounted writable-but-noexec.
oh yeah. there's always something. i guess the mmap/noexec check is
the "best" solution.
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."