| 1 |
Hi Vaeth, |
| 2 |
on Tue, Sep 16, 2008 at 08:36:28PM +0200, you wrote: |
| 3 |
> > > Also a chroot jail is not a security feature: There are several |
| 4 |
> > > ways known how to break out. |
| 5 |
> > |
| 6 |
> > [...] But there's only one reason I can see why you'd use a |
| 7 |
> > chroot environment *except* for security and that's to have more than |
| 8 |
> > one set of system binaries active at the same time for different |
| 9 |
> > applications. |
| 10 |
> |
| 11 |
> Or simply several systems (e.g. amd64 and x86, or gentoo and debian, |
| 12 |
> or your boot disk and your newly installed system [the install handbook |
| 13 |
> makes massive use of chroot]). This is exactly what chroot was made for. |
| 14 |
|
| 15 |
Sure, that's why I kept it as general als "more than one set", be it a |
| 16 |
different architecture/vendor/purpose/whatever. |
| 17 |
|
| 18 |
> > I'd say the vast majority of chroot jails are there for nothing |
| 19 |
> > else but security. |
| 20 |
> |
| 21 |
> Alan Cox: "chroot is not and never has been a security tool", see e.g. |
| 22 |
> http://kerneltrap.org/Linux/Abusing_chroot |
| 23 |
|
| 24 |
No disrespect to Mr. Cox but a silly argument stays a silly argument |
| 25 |
even if brought forward by Alan. Programs like postfix certainly don't |
| 26 |
use chroots for security because they were designed noobs or incompetent |
| 27 |
people. Alan acknowledges that "Normal users cannot use chroot() |
| 28 |
themselves so they can't use chroot to get back out" but insists on his |
| 29 |
point, completely ignoring that doing a chroot() immediately followed by |
| 30 |
dropping your root privileges is exactly the recommended way to use it |
| 31 |
for security. That's not to say that setting up a vserver for each of |
| 32 |
your programs exposed to the net wasn't *more* secure than a chroot if |
| 33 |
you want to do it but it's certainly a whole lot more secure if used |
| 34 |
properly than not doing it at all. |
| 35 |
|
| 36 |
cheers, |
| 37 |
Matthias |
| 38 |
|
| 39 |
-- |
| 40 |
I prefer encrypted and signed messages. KeyID: FAC37665 |
| 41 |
Fingerprint: 8C16 3F0A A6FC DF0D 19B0 8DEF 48D9 1700 FAC3 7665 |
Archives