chroot (was Re: Need Help with the Debian Securing Manual (contributions accepted))
In article <20010924032741.B15557@dat.etsit.upm.es> firstname.lastname@example.org writes:
> I am not sure everybody is aware of the "Securing Debian Manual"
>which can be found at
>http://www.debian.org/doc/manuals/securing-debian-howto/. In any case, I'm
>asking for some help with this document due to the current overload of
>information I'm suffering.
One major problem I've noticed is it seems to perpetuate common
misconseptions about chroot. If you have root access in a chroot
enviornment, it's quite possible to break out and take over the whole
system. (I've know of two ways off the top of my head, I'm sure there
are others.) Giving untrusted code root access in a chroot enviornment
is security by obscurity -- worthless against a determined attacker
and the people setting it up are deluding themselves that their system
(Perhaps you should consider a section on "security by obscurity" and
why it is useless.)
Running non-root in a chroot enviornment does add a level of
protection. (You can't access world-readable files.)
Chroot was designed as a software testing tool, not a security tool.
Blars Blarson email@example.com
"Text is a way we cheat time." -- Patrick Nielsen Hayden