On Tuesday 16 September 2008 19:29:21 Matthias Bethke wrote: > I'd say the vast majority of > chroot jails are there for nothing else but security.
Replace "security" with "warm fuzzy feeling of apparent security that actually doesn't exist" and you're close to the mark. The sole positive of using chroot like this is that (like NAT) it does happen to give a marginal increase in security at reasonably low cost. There are much better solutions with real security benefits: vservers, BSD jails, etc, etc. This is nto directed at you, I just seem to spend way too much time these days dispelling persistent myths that have taken hold in people's minds but have no real basis in fact -- alan dot mckinnon at gmail dot com
