1 |
On Tuesday 16 September 2008 19:29:21 Matthias Bethke wrote: |
2 |
> I'd say the vast majority of |
3 |
> chroot jails are there for nothing else but security. |
4 |
|
5 |
Replace "security" with "warm fuzzy feeling of apparent security that actually |
6 |
doesn't exist" and you're close to the mark. The sole positive of using |
7 |
chroot like this is that (like NAT) it does happen to give a marginal |
8 |
increase in security at reasonably low cost. |
9 |
|
10 |
There are much better solutions with real security benefits: vservers, BSD |
11 |
jails, etc, etc. |
12 |
|
13 |
This is nto directed at you, I just seem to spend way too much time these days |
14 |
dispelling persistent myths that have taken hold in people's minds but have |
15 |
no real basis in fact |
16 |
|
17 |
-- |
18 |
alan dot mckinnon at gmail dot com |