| 1 |
On Tuesday 16 September 2008 19:29:21 Matthias Bethke wrote: |
| 2 |
> I'd say the vast majority of |
| 3 |
> chroot jails are there for nothing else but security. |
| 4 |
|
| 5 |
Replace "security" with "warm fuzzy feeling of apparent security that actually |
| 6 |
doesn't exist" and you're close to the mark. The sole positive of using |
| 7 |
chroot like this is that (like NAT) it does happen to give a marginal |
| 8 |
increase in security at reasonably low cost. |
| 9 |
|
| 10 |
There are much better solutions with real security benefits: vservers, BSD |
| 11 |
jails, etc, etc. |
| 12 |
|
| 13 |
This is nto directed at you, I just seem to spend way too much time these days |
| 14 |
dispelling persistent myths that have taken hold in people's minds but have |
| 15 |
no real basis in fact |
| 16 |
|
| 17 |
-- |
| 18 |
alan dot mckinnon at gmail dot com |
Archives