On 00-11-30 Javier Fernandez-Sanguino Peña wrote: > I do not know if other developers are aware, but there is a nice > Security HOWTO available in > http://joker.rhwd.de/doc/Securing-Debian-HOWTO and made by Alexander > Reelsen (which I am sending this to in case he is not on the list). I think he's reading this list as he's very security interested. > I have checked it out and would really like to see it included in > the DDP and think that debian security guru's should help in Well, which package should include this documentation? May I also say, that some debian security interested guys helped in creating this document? > improving it. One thing I would like to have nicely documented is to > make chroot jails. But not Linux-wide but Debian-specific, that is: What should be documented? Mostly you need to have all config files, libaries and binaries in the same structure as under / in a seperate dir, where you chroot to. > is there a way to build packages available in Debian in order to > easily install them chrooted? My first thought is that only if the You don't need to statically link packages to chroot them. You can also chroot them, if they use dynamic linking, but then you need to copy these libs also into the chroot-dir. > ideas? Also, since the package would depend on other packages we > need to have this in the chrooted environment too, is there an > *easy* way to do this? (without needing to have two package > databases) No, that's why I think chroots should always be set up by the admin and not by any tool. And a good idea knows how to create chroots even for programs using dynamic linking. Ciao Christian -- Debian Developer and Quality Assurance Team Member 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
Attachment:
pgpIdTo1mf9eo.pgp
Description: PGP signature