Re: goals for hardening Debian: ideas and help wanted

[Thorsten Glaser <tg@debian.org>]

Kevin Chadwick <ma1l1ists <at> yahoo.co.uk> writes:

> > > > > Security and chroots aren't things I would associate, you need
better.
> 
> A wide misconception. Chroots are easily implemented and add security
> almost for free (often /dev/log is all that is needed) and so can be
> used by default without any potential problems, they also never bring
> new risks and always make life difficult for an attacker to raise
> priviledges or get what they are actually after when done
> correctly. Even at a simple level it should be obvious that they can
> just nullify the payload so the attacker simply goes elsewhere. Does

Bwahahahahahahahahahahahahahahahahahaha!

(To casual observers: the entire paragraph is very wrong.)

Yes, chroots help isolating things, but, just like systrace(4), they
are far from being inescapable.

bye,
//mirabilos