Hi Vaeth,
on Tue, Sep 16, 2008 at 08:36:28PM +0200, you wrote:
> > > Also a chroot jail is not a security feature: There are several
> > > ways known how to break out.
> > 
> > [...] But there's only one reason I can see why you'd use a
> > chroot environment *except* for security and that's to have more than
> > one set of system binaries active at the same time for different
> > applications.
> 
> Or simply several systems (e.g. amd64 and x86, or gentoo and debian,
> or your boot disk and your newly installed system [the install handbook
> makes massive use of chroot]). This is exactly what chroot was made for.

Sure, that's why I kept it as general as "more than one set", be it a
different architecture/vendor/purpose/whatever.

> > I'd say the vast majority of chroot jails are there for nothing
> > else but security.
> 
> Alan Cox: "chroot is not and never has been a security tool", see e.g.
> http://kerneltrap.org/Linux/Abusing_chroot

No disrespect to Mr. Cox but a silly argument stays a silly argument
even if brought forward by Alan. Programs like postfix certainly don't
use chroots for security because they were designed by noobs or incompetent
people. Alan acknowledges that "Normal users cannot use chroot()
themselves so they can't use chroot to get back out" but insists on his
point, completely ignoring that doing a chroot() immediately followed by
dropping your root privileges is exactly the recommended way to use it
for security. That's not to say that setting up a vserver for each of
your programs exposed to the net wasn't *more* secure than a chroot if
you want to do it but it's certainly a whole lot more secure if used
properly than not doing it at all.

cheers,
        Matthias

-- 
I prefer encrypted and signed messages. KeyID: FAC37665
Fingerprint: 8C16 3F0A A6FC DF0D 19B0  8DEF 48D9 1700 FAC3 7665

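The "chroot() immediately followed by dropping your root privileges" sequence the message describes, written out as an added example (this is not code from the thread, from postfix or from anyone on the list). The order is the security-relevant part: chroot() needs root (CAP_SYS_CHROOT), so it comes first; chdir("/") moves the working directory inside the new root; supplementary groups, gid and uid are dropped last, with uid last of all. Once the uid is non-zero, chroot() itself fails with EPERM, which is exactly what the well-known mkdir/chroot/chdir("..") escape depends on. The jail path `/var/empty` and uid/gid 65534 used as defaults are placeholders, not values from the page.

```c
/* Added example: enter a chroot jail, then drop root, in the order that
 * matters.  Not code from the mailing-list thread.  The default jail path
 * and uid/gid below are placeholders for illustration. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Enter `jail` and become `uid`/`gid`.  Returns 0 on success, -1 on
 * failure with errno set.  Steps, in the only order that works:
 *   1. chroot() while we still hold root / CAP_SYS_CHROOT;
 *   2. chdir("/") so the cwd is inside the jail (a cwd left outside the
 *      new root is one classic way back out);
 *   3. setgroups() to clear supplementary groups, setgid(), then
 *      setuid() last: once the uid is non-zero the other calls fail.
 * After step 3 any further chroot() fails with EPERM, so the
 * "mkdir; chroot(subdir); chdir("..") ..." escape is no longer available.
 */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    if (jail == NULL || uid == 0 || gid == 0) {
        /* "dropping" to uid/gid 0 drops nothing; refuse up front */
        errno = EINVAL;
        return -1;
    }
    if (chroot(jail) != 0)
        return -1;
    if (chdir("/") != 0)
        return -1;
    if (setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* setuid() as root sets real, effective and saved uid, so root must
     * now be gone for good.  If it can be regained, treat that as failure. */
    if (setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* 1 if the calling process can (re)gain uid 0 via setuid(0), else 0.
 * After a correct enter_jail() this returns 0. */
int root_regainable(void)
{
    return setuid(0) == 0 ? 1 : 0;
}

/* Usage (must start as root): ./jail /var/empty 65534 65534 */
int main(int argc, char **argv)
{
    const char *jail = argc > 1 ? argv[1] : "/var/empty";  /* placeholder */
    uid_t uid = argc > 2 ? (uid_t)strtoul(argv[2], NULL, 10) : 65534;
    gid_t gid = argc > 3 ? (gid_t)strtoul(argv[3], NULL, 10) : 65534;

    if (enter_jail(jail, uid, gid) != 0) {
        fprintf(stderr, "enter_jail(%s): %s\n", jail, strerror(errno));
        return 1;
    }
    printf("jailed in %s as uid %u gid %u\n", jail,
           (unsigned)getuid(), (unsigned)getgid());

    /* The escape needs a working chroot(); it must now be refused. */
    if (chroot(".") == 0) {
        printf("chroot() still works: privileges were NOT dropped\n");
        return 1;
    }
    printf("chroot() now fails: %s\n", strerror(errno));
    return 0;
}
```

Run as root against an empty, root-owned directory; the final line should report that chroot() fails with "Operation not permitted". Leave any of the three drop calls out, or call setuid() before setgid(), and either the drop fails or chroot() keeps working, which is the situation Alan Cox's argument describes.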