Sandboxing
mal content
artifact.one at googlemail.com
Thu Nov 9 10:23:07 UTC 2006
On 09/11/06, Luke Crawford <lsc at prgmr.com> wrote:
> jail is the best sandbox FreeBSD has; if that's to heavy, simply run it
> setuid to another user that doesn't have permission to anything- it's not
> as good of a sandbox, but it's lightweight.
>
Of course there is another problem with this approach: a different UID isn't
allowed to connect to :0.0 on the X server under the FreeBSD default
security settings for X.
MC
More information about the freebsd-security
mailing list