On Sun, Jul 25, 1999 at 11:36:49AM -0700, Matthew Dillon
<dil...@apollo.backplane.com> wrote:
> A sandbox is a security term. It can mean two things:
>
[...]
>
> UNIX implements two core sanboxes. One is at the process level, and one
> is at the userid level.
>
> Every UNIX process is completely firewalled off from every other UNIX
> process. One process can modify the address space of another. This is
^^^^
Can not. Silly typo ;)
BTW, I have running bind running chroot()'ed in /var/named (where
OpenBSD puts it). Can we now also put /var/named and all subdirs needed
into FreeBSD? We can also add '-t /var/named' flag into commented out
rc.conf startup for bind. I could supply more info to someone who can
commit this into the tree...
% tail /var/named/var/log/named-noise.log
25-Jul-1999 04:11:16.730 security: info: chrooted to /var/named
25-Jul-1999 04:11:16.871 security: info: group = bind
25-Jul-1999 04:11:16.872 security: info: user = bind
% ps ax | grep named
113 ?? Is 0:00.02 /var/named/named -u bind -g bind -t /var/named
-- Yan
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the body of the message
