[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Security-HOWTO

On 00-11-30 Javier Fernandez-Sanguino Peña wrote:
>	I do not know if other developers are aware, but there is a nice
> 	Security HOWTO available in
> 	http://joker.rhwd.de/doc/Securing-Debian-HOWTO and made by Alexander
> 	Reelsen (which I am sending this to in case he is not on the list).

I think he's reading this list as he's very security interested.

> 	I have checked it out and would really like to see it included in
> 	the DDP and think that debian security guru's should help in

Well, which package should include this documentation? May I also say,
that some debian security interested guys helped in creating this

> 	improving it. One thing I would like to have nicely documented is to
> 	make chroot jails. But not Linux-wide but Debian-specific, that is:

What should be documented? Mostly you need to have all config files,
libaries and binaries in the same structure as under / in a seperate
dir, where you chroot to.

> 	is there a way to build packages available in Debian in order to
> 	easily install them chrooted?  My first thought is that only if the

You don't need to statically link packages to chroot them. You can also
chroot them, if they use dynamic linking, but then you need to copy
these libs also into the chroot-dir.

> 	ideas? Also, since the package would depend on other packages we
> 	need to have this in the chrooted environment too, is there an
> 	*easy* way to do this?  (without needing to have two package
> 	databases)

No, that's why I think chroots should always be set up by the admin and
not by any tool. And a good idea knows how to create chroots even for
programs using dynamic linking.

          Debian Developer and Quality Assurance Team Member
    1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853

Attachment: pgpIdTo1mf9eo.pgp
Description: PGP signature

Reply to: