Idea about 'skeleton jail
Denis Shaposhnikov
dsh at vlink.ru
Sun Mar 13 03:00:47 PST 2005
>>>>> "Frank" == Frank Knobbe <frank at knobbe.us> writes:
Frank> If you nullfs these directories, you loose the ability to
Frank> prune the jail. Pruning is part of system hardening. I'd
May be it's better to use unionfs, so anybody can replace binaries
with their stub version pre jail.
--
DSS5-RIPE DSS-RIPN 2:550/5068 at fidonet 2:550/5069 at fidonet
mailto:dsh at vlink.ru http://neva.vlink.ru/~dsh/
More information about the freebsd-hackers
mailing list