Re: Grsecurity, ssh and postfix
Domonkos Czinke wrote:
> I think you won't have to make a unique jail for ssh, you can use the
> pam module which is designed especially for this. Unfortunately AFAIK
> debian does not support that module, so you will have to compile your
> own packages. Btw you can switch off the double chroot restrictions
> under Grsec Customize > Filesystem Protections > Chroot jail
> restrictions (NEW) > [ ] Deny double-chroots
If you enable double-chroots, does this mean that root can trivial break
out of a chroot environment?
Reply to: