The first thing I do not like is that makejail needs a lot of additional software: python, stat, file etc.. As we all know, on production systems is better to have less software because of potential security holes. OK, we can remove all software after instalation, but how to upgrade then chrooted applications, install python, etc. again? Second, it does not create $CHROOT/etc/passwd and $CHROOT/etc/group correct. We can do it by hand, but can we trust a program (script) which can not do: gawk -F":" '$1 ~ /apache/' /etc/passwd > $CHROOT/etc/passwd ? I do not think so. Now I try write a script for creation of chrooted environment which uses standart unix tools: bash, ldd, gawk (awk), grep, file. In case of success I send link to you ;-)
Regards, Martynas Sk, 2003-01-05 02:16, Javier Fernández-Sanguino Peña rašė: > On Sat, Jan 04, 2003 at 09:00:45PM +0200, Martynas Domarkas wrote: > > Hi, I'm currently trying to use makejail... it does not work very good. > > Could you elaborate more on this? I would like to know which issues > have you come up with. > > Also, you might want to take a loot at the (recent) Appendix added > to the "Securing Debian Manual" on how to setup a chroot environment for > Apache: > http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-apache-env.en.html > > Regards > > Javi
