Subject: Re: chroot jail for ftpd
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: tech-security
Date: 10/18/2001 17:21:33
--hdW7zL/qDS6RXdAL
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 18, 2001 at 04:47:30PM -0400, Thor Lancelot Simon wrote:
> Yeah, let's do a special-purpose hack instead of actually enforcing the
> consistent rule that executable code has to come from an executable file.
>=20
> Gack.

Hrm. Well, when you put it that way...

But we have the unfortunate problem that enforcing this rule
consistently is something that we have been *not* doing for a very
long time. It's also something that other Unix-like operating
systems have been not doing for a very long time. (And probably
won't start doing any time soon.)

Doing it right sounds great. But maybe with, a little leniency about
the immediacy of the change?

--=20
       ~ g r @ eclipsed.net

--hdW7zL/qDS6RXdAL
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjvPR90ACgkQ9ehacAz5CRr67wCfSZ6heybJ5DHMEqreDgYDC+P8
pr0An3bUf2iYHcWPfFFUxmHZp0fOGsJJ
=z8ce
-----END PGP SIGNATURE-----

--hdW7zL/qDS6RXdAL--