2011/5/9 Dag-Erling Smørgrav <d...@des.no>:
> Jason Hellenthal <jh...@dataix.net> writes:
>> Chris Rees <utis...@gmail.com> writes:
>> > I've updated the docs patches (links at [1]), though unfortunately it
>> > means it's a little less elegant; I'm reluctant to suggest
>> >
>> > # chmod 0700 $D/..
>> Haha I would strongly suggest against that ;) Not knowing where people are
>> keeping the jails would impose quite a bit of harm if they did have them
>> in places like that or /var/jailname.
>
> What do you mean, "not knowing where people are keeping the jails"?
> Only root can start a jail, so there is no risk of anyone starting a
> hidden jail somewhere. Besides, jls(8) lists the root path of each
> jail.

From a docs point of view, if I were to type:

# setenv D /usr/local/myjail

and then:

# chmod 0700 $D/..

then I'd end up chmod'ing 700 /usr/local

This is the point I'm making, I can't recommend in the docs that one
chmods $D/.. because we (the docs writers) don't know what the user
(the reader) is going to set $D to.

Chris
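
An added example, not part of the thread or the FreeBSD docs: a guard that resolves `$D/..` the way `chmod` would and tightens it only when that directory holds nothing but the jail root. The function names `jail_parent`, `parent_is_dedicated` and `restrict_jail_parent` are hypothetical, and "dedicated parent" is an assumed policy, not one stated in the thread.

```shell
#!/bin/sh
# Added example: check what "$D/.." really is before "chmod 0700 $D/..".
# All function names here are hypothetical helpers, not FreeBSD tools.

# Print the physical parent of a jail root (symlinks resolved, as the
# kernel would when chmod is handed "$D/..").
jail_parent() {
    (cd -P -- "$1/.." 2>/dev/null && pwd -P)
}

# Return 0 only when the parent contains nothing except the jail root,
# 1 when it is shared (e.g. /usr/local) or is "/", 2 when unresolvable.
parent_is_dedicated() {
    root=$(cd -P -- "$1" 2>/dev/null && pwd -P) || return 2
    parent=$(jail_parent "$1") || return 2
    [ "$parent" != "/" ] || return 1
    # Walk visible and hidden entries; unmatched patterns are skipped.
    for entry in "$parent"/* "$parent"/.[!.]* "$parent"/..?*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        [ "$entry" = "$root" ] || return 1
    done
    return 0
}

# Apply mode 0700 to the parent only if it is dedicated to this jail.
restrict_jail_parent() {
    if parent_is_dedicated "$1"; then
        chmod 0700 "$(jail_parent "$1")"
    else
        echo "refusing: $(jail_parent "$1") is shared or unresolvable" >&2
        return 1
    fi
}
```

With `D=/usr/local/myjail` the guard refuses, because `/usr/local` contains other entries; with a layout such as `/jails/myjail/root` it applies the mode to `/jails/myjail`.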