Re: goals for hardening Debian: ideas and help wanted

To: Patrick Schleizer <adrelanos@riseup.net>
Cc: debian-security@lists.debian.org
Subject: Re: goals for hardening Debian: ideas and help wanted
From: Elmar Stellnberger <estellnb@gmail.com>
Date: Tue, 29 Apr 2014 16:58:34 +0200
Message-id: <[🔎] 6DA36CF6-1942-45B3-831F-4689D20218AC@gmail.com>
In-reply-to: <[🔎] 535F926E.3080307@riseup.net>
References: <[🔎] 1398308259.7980.49.camel@chianamo> <[🔎] 20140429020744.26376063@eunet.rs> <[🔎] CAKTje6FK8+7X-HrHNV-+jhN2yRnKouoBgZY6c7HSG5E3OZeM_A@mail.gmail.com> <[🔎] 20140429122053.2c7a5495@eunet.rs> <[🔎] 535F926E.3080307@riseup.net>

> 
> chroot is not a security feature?
> 
> As far I understand, chroots in Debian/Fedora aren't jails.
> 
> Source:
> https://securityblog.redhat.com/2013/03/27/is-chroot-a-security-feature/
> 

In deed a Linux chroot - environment is not a jail.
You could use sth. like grsecurity to harden Linux chroot environments; 
or any MAC (Mandatory Access) system like SELinux.  
You may also read a bit about the security of chroot at http://www.elstel.org/xchroot/ (the first two sections).

Reply to:

References:
- goals for hardening Debian: ideas and help wanted
  - From: Paul Wise <pabs@debian.org>
- Re: goals for hardening Debian: ideas and help wanted
  - From: Marko Randjelovic <markoran@EUnet.rs>
- Re: goals for hardening Debian: ideas and help wanted
  - From: Paul Wise <pabs@debian.org>
- Re: goals for hardening Debian: ideas and help wanted
  - From: Marko Randjelovic <markoran@eunet.rs>
- Re: goals for hardening Debian: ideas and help wanted
  - From: Patrick Schleizer <adrelanos@riseup.net>

Prev by Date: Re: goals for hardening Debian: ideas and help wanted
Next by Date: Re: goals for hardening Debian: ideas and help wanted
Previous by thread: Re: goals for hardening Debian: ideas and help wanted
Next by thread: Re: goals for hardening Debian: ideas and help wanted
Index(es):
- Date
- Thread