Hi Vaeth,
on Tue, Sep 16, 2008 at 08:36:28PM +0200, you wrote:
> > > Also a chroot jail is not a security feature: There are several
> > > ways known how to break out.
> >
> > [...] But there's only one reason I can see why you'd use a
> > chroot environment *except* for security and that's to have more than
> > one set of system binaries active at the same time for different
> > applications.
>
> Or simply several systems (e.g. amd64 and x86, or gentoo and debian,
> or your boot disk and your newly installed system [the install handbook
> makes massive use of chroot]). This is exactly what chroot was made for.
|
Sure, that's why I kept it as general as "more than one set", be it a
different architecture/vendor/purpose/whatever.
|
> > I'd say the vast majority of chroot jails are there for nothing
> > else but security.
>
> Alan Cox: "chroot is not and never has been a security tool", see e.g.
> http://kerneltrap.org/Linux/Abusing_chroot
|
No disrespect to Mr. Cox but a silly argument stays a silly argument
even if brought forward by Alan. Programs like postfix certainly don't
use chroots for security because they were designed by noobs or incompetent
people. Alan acknowledges that "Normal users cannot use chroot()
themselves so they can't use chroot to get back out" but insists on his
point, completely ignoring that doing a chroot() immediately followed by
dropping your root privileges is exactly the recommended way to use it
for security. That's not to say that setting up a vserver for each of
your programs exposed to the net wasn't *more* secure than a chroot if
you want to do it but it's certainly a whole lot more secure if used
properly than not doing it at all.
|
cheers,
Matthias
|
--
I prefer encrypted and signed messages. KeyID: FAC37665
Fingerprint: 8C16 3F0A A6FC DF0D 19B0 8DEF 48D9 1700 FAC3 7665 |
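
The pattern argued for in the message above, chroot() immediately followed by dropping root privileges, as an added C example that is not part of the original message or of any project it names. The function name `enter_jail`, the directory `/var/empty` and uid/gid 65534 are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `dir` and give up root for good.
 * Returns 0 on success or a negative errno value; on any failure the
 * caller must exit rather than continue half-confined. Order matters:
 * chroot() needs root, and group IDs must be dropped before the user ID,
 * because after setuid() the process can no longer change its groups. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -EINVAL;              /* staying root defeats the jail */
    if (chdir(dir) != 0)
        return -errno;
    if (chroot(".") != 0)            /* cwd is already inside the new root */
        return -errno;
    if (chdir("/") != 0)
        return -errno;
    if (setgroups(0, NULL) != 0)     /* clear supplementary groups */
        return -errno;
    if (setgid(gid) != 0)
        return -errno;
    if (setuid(uid) != 0)            /* as root: sets real, effective, saved */
        return -errno;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -EPERM;               /* root can be regained: treat as failure */
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed defaults: jail directory and unprivileged IDs are assumptions. */
    const char *dir = argc > 1 ? argv[1] : "/var/empty";
    int rc = enter_jail(dir, 65534, 65534);
    if (rc != 0) {
        fprintf(stderr, "enter_jail(%s) failed: errno %d\n", dir, -rc);
        return 1;
    }
    printf("jailed in %s as uid %d\n", dir, (int)getuid());
    return 0;
}
```

The final check that setuid(0) and seteuid(0) both fail confirms that the escape routes requiring root inside the jail are closed to this process.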