> On Thursday 03 March 2005 05:23 pm, Ean Kingston wrote: >> > On Thursday 03 March 2005 12:42 pm, Chris Hodgins >> wrote: >> >> [cut original question and answer] >> >> >> Ok perhaps I should clarify what my intentions are a >> little >> >> more. I am planning on providing a FreeBSD jail for >> any member >> >> of a geek society I am a member of. When I say they >> are >> >> untrusted, I mean that I won't be giving them full >> root access >> >> to my server but I trust them enough not to do >> anything >> >> malicious inside a jail. It is just like a fun place >> they can >> >> play and not have to worry to much about breaking >> things. >> >> >> >> How easy is it exactly to break out of a jail if you >> have access >> >> to development tools? >> > >> > http://www.securiteam.com/unixfocus/5WP031535U.html >> >> How current is this? The article appears to be dated >> 2001. Are >> there still buffer-overflow issues with /proc? >> > > 5.3 and later no longer need proc and it's not mounted by > default. > >> > If you use securelevels you can a sigificantly improve >> security. > > -- > Anish Mistry >
The jail manpage instructs to mount proc when starting a jail and the /etc/rc.d/jail scripts mounts both devfs and procfs. Are you saying this is not needed and if so why and how to disable? Thanks. -- Viren Patel _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
