Vlad "SATtva" Miller wrote:
7v5w7go9ub0o (11.06.2009 23:53):
RijilV wrote:
2009/6/10 7v5w7go9ub0o
<7v5w7go9ub0o-re5jqeeqqe8avxtiumwx3w-xmd5yjdbdmrexy1tmh2...@public.gmane.org>:
FWIW, I jail/chroot everything that connects to the net; e.g.
browsers, mail client, tor client, DNS server, nmap, snort, dhcpcd
..... everything.
What are you using to do your chrooting?
.r'
A man named Steve Friedl has written much about creating and breaking
out of chroot jails; I use his program "runchroot".
Here's his home page:
<http://unixwiz.net/techtips/chroot-practices.html#brkout>
I believe the script can be found in this "registerware" article: "Go
Directly to Jail. Available on all Linux and Unix systems, chroot jails
can secure untrusted applications and make trusted ones almost
impenetrable. Here's how to build them."
<http://www.linux-mag.com/id/1230>
Although there is indeed a link to download the script from that page
(http://www.linux-mag.com/downloads/2002-12/jail/), unfortunately it
leads to 404. But google turned up this:
http://www.linux-mag.com/downloads/2002-12/jail/runchroot.c
Should there be anything beyond this source file?
Nope.... that's all there is to the wrapper.
gcc runchroot.c -o runchroot
chown root runchroot
chmod u+s runchroot
HTH