Vlad "SATtva" Miller wrote:
> 7v5w7go9ub0o (11.06.2009 23:53): |
>> RijilV wrote: |
>>> 2009/6/10 7v5w7go9ub0o |
>>> <7v5w7go9ub0o-Re5JQEeQqe8AvxtiuMwx3w-XMD5yJDbdMReXY1tMh2IBg@××××××××××××.org>: |
>>>> FWIW, I jail/chroot everything that connects to the net; e.g. |
>>>> browsers, mail client, tor client, DNS server, nmap, snort, dhcpcd |
>>>> ..... everything. |
>>> What are you using to do your chrooting? |
>>> |
>>> .r' |
>>> |
>> A man named Steve Friedl has written much about creating and breaking |
>> out of chroot jails; I use his program "runchroot". |
>> |
>> Here's his home page: |
>> <http://unixwiz.net/techtips/chroot-practices.html#brkout> |
>> |
>> I believe the script can be found in this "registerware" article: "Go |
>> Directly to Jail. Available on all Linux and Unix systems, chroot jails |
>> can secure untrusted applications and make trusted ones almost |
>> impenetrable. Here's how to build them." <http://www.linux-mag.com/id/1230>
> |
> Although there is indeed a link to download the script from that page |
> (http://www.linux-mag.com/downloads/2002-12/jail/), unfortunately it |
> leads to 404. But Google turned up this:
> http://www.linux-mag.com/downloads/2002-12/jail/runchroot.c |
> Should there be anything beyond this source file? |
> |
|
Nope.... that's all there is to the wrapper. |
|
gcc runchroot.c -o runchroot |
chown root runchroot |
chmod u+s runchroot |
|
|
HTH |
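
Added example, not part of the original thread and not Steve Friedl's runchroot.c: a minimal C sketch of the steps a setuid-root chroot wrapper like the one built above has to get right (enter the jail, then drop root irreversibly before exec). The argument layout and the helper names parse_id and enter_jail are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Parse a numeric uid/gid; reject junk, negatives, overflow and 0 (root). */
static int parse_id(const char *s, unsigned long *out) {
    char *end;
    unsigned long v;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v == 0 || v > 0x7fffffffUL) return -1;
    *out = v;
    return 0;
}

/* Hypothetical helper: enter the jail, then give up root for good. */
static int enter_jail(const char *dir, uid_t uid, gid_t gid) {
    if (chdir(dir) != 0) return -1;          /* cwd must end up inside the jail */
    if (chroot(".") != 0) return -1;         /* needs root, hence the setuid bit */
    if (chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;  /* drop supplementary groups */
    if (setgid(gid) != 0) return -1;         /* group first, while still root */
    if (setuid(uid) != 0) return -1;         /* as root: real, effective, saved */
    if (setuid(0) == 0) return -1;           /* regaining root must fail */
    return 0;
}

int main(int argc, char **argv) {
    unsigned long uid, gid;
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL };  /* fixed environment */
    if (argc < 5 || parse_id(argv[2], &uid) || parse_id(argv[3], &gid)) {
        fprintf(stderr, "usage: %s jaildir uid gid /path/in/jail [args]\n", argv[0]);
        return 2;
    }
    if (enter_jail(argv[1], (uid_t)uid, (gid_t)gid) != 0) {
        perror("enter_jail");
        return 1;
    }
    execve(argv[4], &argv[4], envp);  /* path is resolved inside the jail */
    perror("execve");
    return 1;
}
```

A process that still runs as root inside a chroot can leave it, which is why the sketch refuses uid/gid 0 and checks that setuid(0) fails before exec.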