Re: putting Apache into chroot()-prison

To: aphro@portal.aphroland.org, romulus@arcormail.de
Cc: debian-user@lists.debian.org
Subject: Re: putting Apache into chroot()-prison
From: JoshNarins@aol.com
Date: Fri, 29 Dec 2000 13:09:13 EST
Message-id: <[🔎] 2f.eec6dcf.277e2d49@aol.com>

From what I've been able to gather,
chroot can be secure,
but only if the user can never get root.
FreeBSD's jail had a recent problem.
Mounting /proc inside the chroot is not a good idea.

In a message dated 12/27/00 7:01:21 PM Eastern Standard Time,
aphro@portal.aphroland.org writes:

not to discourage youb ut its pretty well known chroot() is not
an ultimate solution for security, it has been in the past
rather easy to break out of it, from what i remember you
may be better off running freebsd and it's jail() (??)
function which is a suped up chroot(). all im trying to say
is don't expect chroot() to improve seucrity much, a determined
cracker can defeat it(esp on linux) pretty easy. search BUGTRAQ
for the discussions on the latest BIND problems(probably
about 6 months ago..) interesting discussions.

Reply to:

Prev by Date: magneto optical, driver support
Next by Date: Re: Apache Error: srm.conf
Previous by thread: Re: putting Apache into chroot()-prison
Next by thread: lilo.conf -modifying
Index(es):
- Date
- Thread