On Tue, 29 Apr 2014, Jakub Wilk wrote:

> > > A wide misconception. Chroots are easily implemented and add security
                                                                ^^^^^^^^^^^
> > > almost for free (often /dev/log is all that is needed) and so can be used
> > > by default without any potential problems, they also never bring new risks
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^            ^^^^^^^^^^^^^^^^^^^^^
> > > and always make life difficult for an attacker to raise privileges or get
          ^^^^^^

> > Bwahahahahahahahahahahahahahahahahahaha!
> 
> Do you also laugh at people who enable hardening compiler flags?

I’ve pointed out above a few reasons here. My criticism is not of
adding chroot as just another hurdle for any potential attackers,
but of trying to sell chroot as a security feature. This also does
bring the new risk that people think “it uses chroot so it must be
sure”. Really, there is no magic cure-everything in security.

bye,
//mirabilos
-- 
[16:04:33] bkix: "veni vidi violini"
[16:04:45] bkix: "ich kam, sah und vergeigte"...

