Re: [Jailkit-users] Security explanation about jailkit

From: Olivier Sessink
Subject: Re: [Jailkit-users] Security explanation about jailkit
Date: Tue, 26 Jun 2007 20:11:39 +0200

Pol Hallen wrote:
I discovered jailkit just now and I am afraid about its security.

I use Debian stable with the latest version of jailkit.

I read the info about security on the homepage and (IMHO) I concluded that the best way to have high security would be to use jailkit on a separate filesystem with the nosuid flag.

But I'm however afraid :-|

Could someone help me to increase the security settings?

As long as 1) you don't have any setuid-root binaries inside the chroot jail and 2) your /, /lib/ and /etc/ directories are owned by root and not writable for anybody else, you are pretty safe.

If you have setuid-root binaries (1), your security may (in the worst case) be equal to having the process or user on the real system and not in the chroot jail at all. (It's never worse compared to no chroot jail.)

If you fail (2), your security might be worse than without a chroot jail. However, almost all jailkit utilities abort immediately if they detect such a jail. In the development version I've made these checks even more thorough.
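
The two conditions in the reply above, written as a read-only audit script. This is an added example, not part of the original message and not jailkit's own checks; the function names and the `JAIL_OWNER_UID` override are assumptions made here.

```shell
#!/bin/sh
# Added example, not part of jailkit. JAIL_OWNER_UID is an assumption of this
# sketch (default 0 = root) so the checks can be tried on a scratch directory.
JAIL_OWNER_UID="${JAIL_OWNER_UID:-0}"

# Condition 1: list setuid files owned by that uid anywhere inside the jail.
# -xdev keeps the scan on the jail's own filesystem.
jail_setuid_files() {
    find "$1" -xdev -type f -user "$JAIL_OWNER_UID" -perm -4000 -print 2>/dev/null
}

# Condition 2: list the jail's /, /lib and /etc when one of them is not owned
# by that uid or is writable by group or others.
jail_unsafe_dirs() {
    for d in "$1" "$1/lib" "$1/etc"; do
        [ -d "$d" ] || continue   # nothing to check if the jail lacks it
        find "$d" -prune \( ! -user "$JAIL_OWNER_UID" -o -perm -020 -o -perm -002 \) -print
    done
}

# Returns 0 only when both conditions hold; findings are reported on stderr.
audit_jail() {
    rc=0
    suid=$(jail_setuid_files "$1")
    unsafe=$(jail_unsafe_dirs "$1")
    if [ -n "$suid" ]; then
        echo "$suid" | sed 's/^/setuid file in jail: /' >&2
        rc=1
    fi
    if [ -n "$unsafe" ]; then
        echo "$unsafe" | sed 's/^/bad owner or writable by others: /' >&2
        rc=1
    fi
    return "$rc"
}

# Run as a script: sh audit_jail.sh /path/to/jail
if [ "$#" -gt 0 ]; then
    audit_jail "$1"
fi
```

A non-zero exit status means at least one of the two conditions is violated, so the script can gate a cron job or a deployment step that populates the jail.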


