Marko Randjelovic: > On Tue, 29 Apr 2014 11:52:14 +0000 > Patrick Schleizer <adrela...@riseup.net> wrote: > >> Marko Randjelovic: >>> I was thinking about some kind >>> of wizard: >>> >>> - create a chroot if doesn't already exist >>> - create a launcher for your DE >>> - create a shell script to run a program from terminal or a simple WM >>> >>> hint: chroot $CHROOT_PATH su - $USER -c "$command_with_args" >> >> chroot is not a security feature? >> >> As far I understand, chroots in Debian/Fedora aren't jails. >> >> Source: >> https://securityblog.redhat.com/2013/03/27/is-chroot-a-security-feature/ >> >> > >> it is not really a security feature, it is closer to what we would call a >> hardening feature. > > Well, we have the word "hardening" in the subject, I'm not sure > what OP meant, probably he ment more "security" then "hardening", > but grsecurity which is mentioned in wiki[1] contains features to > prevent breaking out of chroot, so combined with grsecurity chroot > might be called a security feature? > > [1] https://wiki.debian.org/Hardening/Goals
I see. Sure, if possible, that would be an interesting security feature! -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/535fe943.6070...@riseup.net
