[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hurd Projects
From: |
Thomas Bushnell, BSG |
Subject: |
Re: Hurd Projects |
Date: |
01 Jan 2002 11:46:39 -0800 |
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.1 |
nisse@lysator.liu.se (Niels M繹ller) writes:
> tb@becket.net (Thomas Bushnell, BSG) writes:
>
> > A cautionary note: In Unix, you can use chroot as a security feature
> > because of this fact. In the Hurd, however, there are other ways to
> > get back the original system root directory, so chroot is no longer
> > as useful for security purposes.
>
> How? The ability for a process to irrevocably destroy some of its
> capabilities is a nice thing to have. E.g. closing the process'
> root-fs port.
You ask the proc server for the "standard init ports".
I agree that it can be nice to irrevocably destroy capabilities, but
it's not that simple in the Hurd, alas.
- Re: Hurd Projects, Niels M繹ller, 2002/01/01
- Re: Hurd Projects,
Thomas Bushnell, BSG <=