Re: Grsecurity, ssh and postfix

To: Domonkos Czinke <domonkos.czinke@keystone.hu>
Cc: Arnaud Fontaine <dsdebian@free.fr>, debian-security@lists.debian.org
Subject: Re: Grsecurity, ssh and postfix
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 9 Dec 2003 15:56:59 +0100
Message-id: <[🔎] 20031209145659.GA4044@deneb.enyo.de>
In-reply-to: <[🔎] 663094E307F13E459D80FB7C5A830C10D80524@loire.internal.nextra.hu>
References: <[🔎] 663094E307F13E459D80FB7C5A830C10D80524@loire.internal.nextra.hu>

Domonkos Czinke wrote:

> I think you won't have to make a unique jail for ssh, you can use the
> pam module which is designed especially for this. Unfortunately AFAIK
> debian does not support that module, so you will have to compile your
> own packages. Btw you can switch off the double chroot restrictions
> under Grsec Customize > Filesystem Protections > Chroot jail
> restrictions (NEW) > [ ]    Deny double-chroots

If you enable double-chroots, does this mean that root can trivial break
out of a chroot environment?

Reply to:

References:
- RE: Grsecurity, ssh and postfix
  - From: "Domonkos Czinke" <domonkos.czinke@keystone.hu>

Prev by Date: Re: testing/Release not signed by the same key than non-US/testing/Release
Next by Date: Q. Should one mirror debian.security.org? Good or Bad Idea?
Previous by thread: RE: Grsecurity, ssh and postfix
Next by thread: Re: Grsecurity, ssh and postfix
Index(es):
- Date
- Thread