7v5w7go9ub0o (11.06.2009 23:53): > RijilV wrote: >> 2009/6/10 7v5w7go9ub0o >> <7v5w7go9ub0o-re5jqeeqqe8avxtiumw...@public.gmane.org>: >>> FWIW, I jail/chroot everything that connects to the net; e.g. >>> browsers, mail client, tor client, DNS server, nmap, snort, dhcpcd >>> ..... everything. >> >> What are you using to do your chrooting? >> >> .r' >> > > A man named Steve Friedl has written much about creating and breaking > out of chroot jails; I use his program "runchroot". > > Here's his home page: > <http://unixwiz.net/techtips/chroot-practices.html#brkout> > > I believe the script can be found in this "registerware" article: "Go > Directly to Jail. Available on all Linux and Unix systems, chroot jails > can secure untrusted applications and make trusted ones almost > impenetrable. Heres how to build them." <http://www.linux-mag.com/id/1230>
Although there is indeed a link to download the script from that page (http://www.linux-mag.com/downloads/2002-12/jail/), unfortunately it leads to 404. But google turned up this: http://www.linux-mag.com/downloads/2002-12/jail/runchroot.c Should there be anything beyond this source file? -- SATtva | security & privacy consulting www.vladmiller.info | www.pgpru.com
