Re: [Jailkit-users] Security explanation about jailkit (and other)
From: Pol Hallen
Subject: Re: [Jailkit-users] Security explanation about jailkit (and other)
Date: Tue, 26 Jun 2007 19:21:58 -0000
User-agent: Thunderbird 2.0.0.4 (Windows/20070604)
> if you fail (2) your security might be worse than without a chroot jail.
> However, almost all jailkit utilities abort immediately if they detect
> such a jail. In the development version I've made these checks even
> more thorough.
Hi and thanks for your reply, now my ideas are clear!
But I have some doubts:
I tried jk_check -v -c /etc/jailkit/jk_check.ini jail
and the output shows me some errors (you can see the attached jk_check.output file).
My jk_check.ini is:
[/home/jail]
ignorepathoncompare = /home/jail/home, /home/jail/etc, /home/jail/tmp/
ignorewritableforgroup = /home/jail/tmp
ignorewritableforothers = /home/jail/tmp
I installed the jail env just now.
Similarly, if I do:
jk_update -vj /home/jail
[...]
checking jail/usr/bin/mawk
checking jail/usr/bin/tac
checking jail/usr/bin/find
checking jail/usr/bin/ssh
scannign dir jail/opt/ for outdated files
error while scannign dir jail/opt/: No such file or directory
(see the jk_update attachment for the whole file)
Why does jk_check show me the errors, while if I do a jk_update the jail env
seems OK?
Maybe it is because jail isn't familiar to me,
and sorry if I take a lot of your time, but if I wish to donate jail shells
to friends of mine, I prefer to be sure (especially about security risks).
And one last thing:
if I try to do ping host
ping: icmp open socket: Operation not permitted
(ssh into an internet host is OK).
Thanks!
Pol
jk_update.tar.bz2
Description: Binary data
jk_check.output.tar.bz2
Description: Binary data