On Thu, 08 May 2008 08:40:12 +0200 Bjørn Mork wrote:
> martin f krafft <[EMAIL PROTECTED]> writes:
>> also sprach Simon Brandmair <[EMAIL PROTECTED]> [2008.05.07.2020 +0100]:
>>> > no security benefit
>>>
>>> Just wondering: Why not?
>>
>> http://www.bpfh.net/simes/computing/chroot-break.html
>
> You still need to be root before breaking the jail, and one of the
> benefits of the chroot is the ability to limit access to potentially
> vulnerable setuid root applications.

1. And isn't it quite likely that you don't have a C compiler or a Perl
   interpreter inside your chroot?
2. IMHO, kernel patches like grsecurity are able to prevent some breaking
   strategies.

Simon
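
A check for the two points raised in this thread (setuid binaries reachable inside the jail, and compilers or interpreters left in it), as an added example that is not part of the original messages. The function names and the `CHROOT_TOOLS` list are assumptions made for illustration; the list is not exhaustive.

```sh
#!/bin/sh
# Added example: audit a chroot tree before putting a service in it.
# CHROOT_TOOLS is an assumed, non-exhaustive list of tool names to flag.
CHROOT_TOOLS="gcc cc tcc clang perl python python3 ruby"

# Print every regular file under $1 that has the setuid bit set
# (any owner; review the owners of whatever is listed).
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sort
}

# Print every file or symlink under $1 whose name is in CHROOT_TOOLS.
list_tools() {
    for name in $CHROOT_TOOLS; do
        find "$1" -xdev \( -type f -o -type l \) -name "$name" -print 2>/dev/null
    done | sort
}

# Report both lists for the chroot at $1.
# Returns 0 if nothing was found, 1 if anything was, 2 on a bad argument.
audit_chroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    suid=$(list_setuid "$root")
    tools=$(list_tools "$root")
    [ -n "$suid" ] && printf 'setuid files:\n%s\n' "$suid"
    [ -n "$tools" ] && printf 'compilers/interpreters:\n%s\n' "$tools"
    [ -z "$suid" ] && [ -z "$tools" ]
}
```

Source the file and run `audit_chroot /path/to/jail`; a non-zero return means the jail still contains something from either list.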