[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Grsecurity, ssh and postfix

Domonkos Czinke wrote:

> I think you won't have to make a unique jail for ssh, you can use the
> pam module which is designed especially for this. Unfortunately AFAIK
> debian does not support that module, so you will have to compile your
> own packages. Btw you can switch off the double chroot restrictions
> under Grsec Customize > Filesystem Protections > Chroot jail
> restrictions (NEW) > [ ]    Deny double-chroots

If you enable double-chroots, does this mean that root can trivial break
out of a chroot environment?

Reply to: