On Nov 28, 2007 5:15 PM, Josh More <<a href="mailto:morej@alliancetechnologies.net">morej@alliancetechnologies.net</a>> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
that jail. For systems that don't work this, look into using chroot to<br>jail specific dangerous daemons.<br><br></blockquote><div><br>Perhaps our resident security experts can clear up something for me. Alan Cox says (
<a href="http://kerneltrap.org/Linux/Abusing_chroot">http://kerneltrap.org/Linux/Abusing_chroot</a>):<br><pre>chroot is not and never has been a security tool. People have built<br>things based upon the properties of chroot but extended (BSD jails, Linux<br>vserver) but they are quite different.</pre><br>So, is chroot a valid tool to use to jail dangerous daemons? It would seem that the kernel folks say no. But that's the only context I've heard anyone talk about chroot in.<br><br>Chris<br><br></div></div>