Kevin Chadwick <ma1l1ists <at> yahoo.co.uk> writes: > > > > > Security and chroots aren't things I would associate, you need better. > > A wide misconception. Chroots are easily implemented and add security > almost for free (often /dev/log is all that is needed) and so can be > used by default without any potential problems, they also never bring > new risks and always make life difficult for an attacker to raise > priviledges or get what they are actually after when done > correctly. Even at a simple level it should be obvious that they can > just nullify the payload so the attacker simply goes elsewhere. Does
Bwahahahahahahahahahahahahahahahahahaha! (To casual observers: the entire paragraph is very wrong.) Yes, chroots help isolating things, but, just like systrace(4), they are far from being inescapable. bye, //mirabilos -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/loom.20140429t173408-...@post.gmane.org