[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: goals for hardening Debian: ideas and help wanted

On Tue, 29 Apr 2014 11:52:14 +0000
Patrick Schleizer <adrelanos@riseup.net> wrote:

> Marko Randjelovic:
> > I was thinking about some kind
> > of wizard:
> > 
> > - create a chroot if doesn't already exist
> > - create a launcher for your DE
> > - create a shell script to run a program from terminal or a simple WM
> > 
> > hint: chroot $CHROOT_PATH su - $USER -c "$command_with_args"
> 
> chroot is not a security feature?
> 
> As far I understand, chroots in Debian/Fedora aren't jails.
> 
> Source:
> https://securityblog.redhat.com/2013/03/27/is-chroot-a-security-feature/
> 
> 

> it is not really a security feature, it is closer to what we would call a hardening feature.

Well, we have the word "hardening" in the subject, I'm not sure
what OP meant, probably he ment more "security" then "hardening",
but grsecurity which is mentioned in wiki[1] contains features to
prevent breaking out of chroot, so combined with grsecurity chroot
might be called a security feature?

[1] https://wiki.debian.org/Hardening/Goals

-- 
http://markorandjelovic.hopto.org

One should not be afraid of humans.
Well, I am not afraid of humans, but of what is inhuman in them.
    Ivo Andric, "Signs near the travel-road"
Reply to: