WebApp Sec mailing list archives
Re: Chroot jails
From: Mamading Ceesay <mamading () gmail com>
Date: Tue, 20 Sep 2005 18:40:45 +0100
On 20/09/05, Steve.Cummings () barclayscapital com wrote:
> Wondered if people could give me their opinions on chroot jails on Solaris and Linux, am interested in both manageability but more interested in whether anyone has broken out of one

Don't have much to say about Solaris beyond suggesting checking out the Zones feature on Solaris 10.

As for chroot jails on Linux, they are escapable unless you have a hardened kernel. GRSec, BSDjail and VServer patches all make Linux chroot jails pretty much unbreakable. SELinux probably has a similar feature, but I'm not aware of it.

One important alternative to chroot jails on Linux is virtualization via projects like VServer and Xen. These can be used to create virtual Linux environments isolated from each other and the actual underlying Linux environment.

--
Mamading Ceesay

"[The reformers'] remedies do not cure the disease: they merely prolong it.... The proper aim is to try and reconstruct society on such a basis that poverty will be impossible." -- Oscar Wilde