Re: goals for hardening Debian: ideas and help wanted
Marko Randjelovic:
> On Tue, 29 Apr 2014 11:52:14 +0000
> Patrick Schleizer <adrelanos@riseup.net> wrote:
>
>> Marko Randjelovic:
>>> I was thinking about some kind
>>> of wizard:
>>>
>>> - create a chroot if doesn't already exist
>>> - create a launcher for your DE
>>> - create a shell script to run a program from terminal or a simple WM
>>>
>>> hint: chroot $CHROOT_PATH su - $USER -c "$command_with_args"
>>
>> chroot is not a security feature?
>>
>> As far I understand, chroots in Debian/Fedora aren't jails.
>>
>> Source:
>> https://securityblog.redhat.com/2013/03/27/is-chroot-a-security-feature/
>>
>>
>
>> it is not really a security feature, it is closer to what we would call a hardening feature.
>
> Well, we have the word "hardening" in the subject, I'm not sure
> what OP meant, probably he ment more "security" then "hardening",
> but grsecurity which is mentioned in wiki[1] contains features to
> prevent breaking out of chroot, so combined with grsecurity chroot
> might be called a security feature?
>
> [1] https://wiki.debian.org/Hardening/Goals
I see. Sure, if possible, that would be an interesting security feature!
Reply to: