Michael H. Warfield wrote:
> If you only trust a chrooted version of apache or CERN, you are a
> fool. Chroot does help. But there ARE exploits for getting out of chrooted
> jails (especially if you manage to get superuser), just as there are
> exploits for getting superuser. I, personally, don't "only" trust ANYTHING.
> I depend on a combination of "things" of which chroot, and non-superuser
> id's are only part. I do not "trust" chroot nor a non-root user. The
> combination of the two is better. The combination of the two behind a
> firewall is still better. Those behind a filtering router are better yet
> still. Depend on one thing and it should be this: NOTHING is bullet-proof
> (or fool proof for that matter).
Trying to escape a chroot() environment, I only succeeded in killing
some processes, but I never did succeed in escaping. How did you manage that?
>
> > cu, Guido Stepken
>
> Regards,
> Mike
> --
> Michael H. Warfield | (770) 985-6132 | mhw @ WittsEnd . com
> (The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!