Matthias Bethke wrote:

> Hi Vaeth, [...]
> >
> > Also a chroot jail is not a security feature: There are several
> > ways known how to break out.
>
> [...] But there's only one reason I can see why you'd use a
> chroot environment *except* for security and that's to have more than
> one set of system binaries active at the same time for different
> applications.

Or simply several systems (e.g. amd64 and x86, or gentoo and debian,
or your boot disk and your newly installed system [the install handbook
makes massive use of chroot]). This is exactly what chroot was made for.

> I'd say the vast majority of chroot jails are there for nothing
> else but security.

Alan Cox: "chroot is not and never has been a security tool", see e.g.
http://kerneltrap.org/Linux/Abusing_chroot