On Tue, Aug 05, 2003 at 03:55:55AM -0700, Terry Lambert wrote: > Through the credential passing? I thought that wasn't reliable > for this type of thing. Specifically, the jail would be in an > untrusted protection domain; if you just accepted the credential > blindly, then anyone could be root in the jail, and you could not > trust it. > > If you didn't accept it blindly, then regular root loses existing > functionality. > > I'm pretty sure that, at least the last time I looke at it, the > credential passing code didn't pass information about jail status. [deletia]
Sorry, you are right. Despite the subject line, I wasn't thinking of jails at this point, but just of removing the setuid bit from ping. Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal [EMAIL PROTECTED] . [EMAIL PROTECTED] . [EMAIL PROTECTED] . [EMAIL PROTECTED] _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"