Re: chroot useful?

[C Matthew Curtin <cmcurtin () research megasoft com>]

> > > > > "Steve" == Steven M Bellovin <smb () research att com> writes:

Steve> It is important to understand what chroot() is and what it
Steve> isn't.

Actually, this comment can be usefully abstracted to include any tool.

Peter Honeyman gave a talk at Ohio State earlier this week, and we
briefly discussed the utility of syslogd, and how common attacks
against are syslog daemons really are.

Based on the comments I heard, it sounds like I'm more paranoid than
most about the threat of knocking out a site's logging capability by
writing garbage to syslog.  Nevertheless, I'm not in the camp that
finds it useless.

Things like chroot(), syslog, and packet filtering routers are tools
that we have available in securing our systems and networks.  None are
perfect, but by understanding the utility and limitations of the tools
available to us, we can come up with relatively comprehensive security
schemes that keep unpleasant surprises to a minimum.

-- 
Matt Curtin  Chief Scientist Megasoft Online  cmcurtin () research megasoft com
http://www.research.megasoft.com/people/cmcurtin/    I speak only for myself
Keywords:  Crypto Security Privacy   Unix Internet Perl Java   Death-to-spam