Re: securing server
On Thu, 08 May 2008 08:40:12 +0200 Bjørn Mork wrote:
> martin f krafft <madduck@debian.org> writes:
>> also sprach Simon Brandmair <sbrandmair@gmx.net> [2008.05.07.2020 +0100]:
>>> > no security benefit
>>>
>>> Just wondering: Why not?
>>
>> http://www.bpfh.net/simes/computing/chroot-break.html
>
> You still need to be root before breaking the jail, and one of the
> benefits of the chroot is the ability to limit access to potentially
> vulnerable setuid root applications.
1. And isn't it quite likely that you don't have a C compiler or a Perl
interpreter inside your chroot?
2. IMHO, kernel patches like grsecurity are able to prevent some breaking
strategies.
Simon
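
An added example, not part of the thread: a small audit that walks a chroot tree and reports the two things discussed above, setuid files and a compiler or interpreter inside the jail. The function names, the tool-name list beyond a C compiler and Perl, and the sample tree are assumptions of this example.

```python
import os
import stat
import tempfile

# Names treated as build/script tooling. The thread names a C compiler and
# Perl; the rest of this list is an assumption of the example.
TOOL_NAMES = {"cc", "gcc", "clang", "tcc", "perl", "python", "python3"}

def audit_jail(root):
    """Return (setuid_files, tools) found under root, paths relative to root."""
    setuid_files, tools = [], []
    for dirpath, _dirs, files in os.walk(root):  # does not follow dir symlinks
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow links out of the jail
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_ISUID:
                setuid_files.append((rel, st.st_uid))  # uid 0 means setuid root
            if name in TOOL_NAMES and st.st_mode & 0o111:
                tools.append(rel)
    return sorted(setuid_files), sorted(tools)

def build_sample_jail():
    """Constructed sample tree (not a real jail) for exercising audit_jail."""
    root = tempfile.mkdtemp(prefix="jail-")
    for rel, mode in [("bin/sh", 0o755), ("bin/su", 0o4755),
                      ("usr/bin/perl", 0o755), ("etc/perl", 0o644)]:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write("placeholder\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    suid, tools = audit_jail(build_sample_jail())
    for rel, uid in suid:
        print(f"setuid (owner uid {uid}): {rel}")
    for rel in tools:
        print(f"tooling present: {rel}")
```

Symlinks are skipped on purpose, so a `perl` link to a versioned binary is not reported; extend `TOOL_NAMES` to match how the jail was populated.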