Gentoo Archives: gentoo-hardened

From: "Vlad \"SATtva\" Miller" <sattva@××××××××××.info>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Re: to chroot or not to chroot
Date: Sat, 13 Jun 2009 18:03:01
Message-Id: 4A33E9F4.5090605@vladmiller.info
In Reply to: [gentoo-hardened] Re: to chroot or not to chroot by 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com>
7v5w7go9ub0o (11.06.2009 23:53):
> RijilV wrote:
>> 2009/6/10 7v5w7go9ub0o
>> <7v5w7go9ub0o-Re5JQEeQqe8AvxtiuMwx3w@××××××××××××.org>:
>>> FWIW, I jail/chroot everything that connects to the net; e.g.
>>> browsers, mail client, tor client, DNS server, nmap, snort, dhcpcd
>>> ..... everything.
>>
>> What are you using to do your chrooting?
>>
>> .r'
>>
>
> A man named Steve Friedl has written much about creating and breaking
> out of chroot jails; I use his program "runchroot".
>
> Here's his home page:
> <http://unixwiz.net/techtips/chroot-practices.html#brkout>
>
> I believe the script can be found in this "registerware" article: "Go
> Directly to Jail. Available on all Linux and Unix systems, chroot jails
> can secure untrusted applications and make trusted ones almost
> impenetrable. Here’s how to build them." <http://www.linux-mag.com/id/1230>

Although there is indeed a link to download the script from that page
(http://www.linux-mag.com/downloads/2002-12/jail/), unfortunately it
leads to a 404. But Google turned up this:
http://www.linux-mag.com/downloads/2002-12/jail/runchroot.c
Should there be anything beyond this source file?

--
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com
