Xref: utzoo comp.unix.sysv386:700 alt.security:1619
Path: utzoo!utgpu!cs.utexas.edu!sdd.hp.com!ucsd!ucbvax!ucdavis!uop!cheers!greg
From: greg@cheers.Bungi.COM (Greg Onufer)
Newsgroups: comp.unix.sysv386,alt.security
Subject: Re: Here's how to stop shell escapes from vi
Message-ID: <|0K%P8&.14862@cheers.Bungi.COM>
Date: 24 Sep 90 23:52:32 GMT
References: <2441@sud509.ed.ray.com> <1990Sep18.120450.14590@nstar.uucp> <1990Sep20.153105.28394@naitc.naitc.com> <11285:Sep2022:15:2090@kr <928@mwtech.UUCP>
Organization: Cheers Bar & Grill
Lines: 14

>There are a few problems, of course:

>a) Unless you have symlinks, you can't link in files that are on a
>different filesystem.  In general, you either want to create this mini
>system on the root FS (so you can link in stuff from /bin and /usr) or
>you have to waste a lot of disk space copying those binaries.
[[ ... stuff deleted ... ]]
>Chroot plus symlinks would create the perfect secure mini-environment.

Not really.  Symlinks will not work in a chroot-ed environment since the 
files they "point" to are not accessible.  You have to use hardlinks or
copy the files.  (I encountered this with SunOS 4.0 a while back).

Cheers!greg