Firewalls: Re: Type enforcement vs chroot and buffers

Firewalls
(January 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Type enforcement vs chroot and buffers
From:	peter @ nmti . com (Peter da Silva)
Date:	Tue, 2 Jan 1996 09:11:15 -0600 (CST)
To:	matt @ lordmuck . itd . uts . edu . au (Jas)
Cc:	mrm @ alpharel . com, firewalls @ GreatCircle . COM, smith @ sctc . com
In-reply-to:	<199512080552 . QAA03786 @ lordmuck . itd . uts . edu . au> from "Jas" at Dec 8, 95 04:52:18 pm

> > and followed, chroot works. A lot of "if's", sad to say. And too
> > bad sockets weren't in filespace.

> well in SVR4 sockets are in the filespace (via /dev/tcp, /dev/udp, and
> libsocket)

That's not significantly better in terms of security, since it's all
or nothing. To be any use it'd have to be something like "/dev/tcp/25"
and so on...

References:

Re: Type enforcement vs chroot and buffers
From: Jas (Matthew K) <matt @ lordmuck . itd . uts . edu . au>

Indexed By Date	Previous:	Where to find Endorsed Product List From: gaus @ znanost . hr (Damir Rajnovic)
Indexed By Date	Next:	Source Routing and Disabling From: Ray Hooker <rayhook @ ibm . net>
Indexed By Thread	Previous:	Re: Type enforcement vs chroot and buffers From: Jas (Matthew K) <matt @ lordmuck . itd . uts . edu . au>
Indexed By Thread	Next:	Re: Type enforcement vs chroot and buffers From: kris @ schulung . netuse . de (Kristian Köhntopp)