Re: goals for hardening Debian: ideas and help wanted
Kevin Chadwick <ma1l1ists <at> yahoo.co.uk> writes:
> > > > > Security and chroots aren't things I would associate, you need
better.
>
> A wide misconception. Chroots are easily implemented and add security
> almost for free (often /dev/log is all that is needed) and so can be
> used by default without any potential problems, they also never bring
> new risks and always make life difficult for an attacker to raise
> priviledges or get what they are actually after when done
> correctly. Even at a simple level it should be obvious that they can
> just nullify the payload so the attacker simply goes elsewhere. Does
Bwahahahahahahahahahahahahahahahahahaha!
(To casual observers: the entire paragraph is very wrong.)
Yes, chroots help isolating things, but, just like systrace(4), they
are far from being inescapable.
bye,
//mirabilos
Reply to: