On Fri, Jan 19, 2007 at 11:19:44PM +0800, krystian wrote: > It strange what you say, because a lot services under linux, can and > runs under chroot ex. DNS,HTTP,FTP,SSH(?),Mail(Postfix),Databases(MySql).
Depends on your Linux distribution. (I'd say that ssh is very unlikely to run chroot'd by default, as it rather defeats the object of having it) Anyway, we're in agreement here. MrSam said that nobody cares about running daemons chroot'd, and I was just pointing out that people do. > I know that BSD has a bit better security, but for now I' m not going to > install BSD. Both are secure if properly installed - most weaknesses come from the applications, not the kernel. But again, this was just to make the point that there are Unix users and systems which *do* care about chroot'ing. Linux is not the only fruit. > And as for linux even a bit more security like chroot services, can > increase security. I understand that chroot isn't perfect but if you add > e.g. GRsecurity patch , it has a big advantage over non chroot environment. > It doesn't cost me a lot (at least I hope),to install in chroot, so why > I shouldn't do that. I'm not disagreeing here either. Incidentally, FreeBSD's "jail" is better; it's chroot plus additional restrictions (e.g. can only bind to a single IP address; cannot tweak sysctls). Regards, Brian. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
