From: | Vlad "SATtva" Miller <sattva@××××××××××.info>
---|---
To: | gentoo-hardened@l.g.o
Subject: | Re: [gentoo-hardened] Re: to chroot or not to chroot
Date: | Sat, 13 Jun 2009 18:03:01
Message-Id: | 4A33E9F4.5090605@vladmiller.info
In Reply to: | [gentoo-hardened] Re: to chroot or not to chroot by 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com>

7v5w7go9ub0o (11.06.2009 23:53):
> RijilV wrote:
>> 2009/6/10 7v5w7go9ub0o
>> <7v5w7go9ub0o-Re5JQEeQqe8AvxtiuMwx3w@××××××××××××.org>:
>>> FWIW, I jail/chroot everything that connects to the net; e.g.
>>> browsers, mail client, tor client, DNS server, nmap, snort, dhcpcd
>>> ..... everything.
>>
>> What are you using to do your chrooting?
>>
>> .r'
>>
>
> A man named Steve Friedl has written much about creating and breaking
> out of chroot jails; I use his program "runchroot".
>
> Here's his home page:
> <http://unixwiz.net/techtips/chroot-practices.html#brkout>
>
> I believe the script can be found in this "registerware" article: "Go
> Directly to Jail. Available on all Linux and Unix systems, chroot jails
> can secure untrusted applications and make trusted ones almost
> impenetrable. Here's how to build them." <http://www.linux-mag.com/id/1230>

Although there is indeed a link to download the script from that page
(http://www.linux-mag.com/downloads/2002-12/jail/), unfortunately it
leads to 404. But Google turned up this:
http://www.linux-mag.com/downloads/2002-12/jail/runchroot.c
Should there be anything beyond this source file?

--
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com