All,
I thought I was following this thread pretty well, but ...
"peter @ baileynm . com wrote on Mon, Feb 9, 1998:"
> Subject: Re: http server for bastion host
>
> > No, because you need access to some programs, which have well known
> > holes in them. With chroot() it's getting difficult to reach those
> > programs. After chuid() you don't have access to privileged ports.
> > If you have neither (AND) it's getting difficult.
>
Why would you do a chuid() if the access to the bastion is already blocked
by logging in as another user, unless you are on the console?
>
> But, damn it, we've established that CERN HTTPD *is* one of those programs
> already. What's the point in building a jail when you lock the keys inside?
>
That being the case, how are the keys 'inside'? The jailer controls the
whole machine from the 'root-console', yes???
Bob De Witt,
rdew @ el . nec . com