On Thu, Dec 29, 2011 at 12:30:23PM -0800, Xin Li wrote: > >> On Thu, Dec 29, 2011 at 11:00 AM, John Baldwin <jhb@freebsd.org> > > Another route might have been set an env > > var I already suggest it as one of possible ways. > Using an environment variable may be not a good idea since it can be > easily overridden, and I think if the program runs something inside > the chroot, the jailed chroot would have more proper setup to avoid > this type of attack? In case user (more precisely, ftpd) runs any program which resides in=20 /incoming/, nothing helps in anycase. In case ftpd runs known programs=20 =66rom known locations only, it can't be overriden because known program=20 (say, ls) is not malicious by itself and can be turned malicious only by=20 loading .so from current directory, which env variable prevents. --=20 http://ache.vniz.net/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"