Re: [Jailkit-users] Security explanation about jailkit (and other)

From: Pol Hallen
Subject: Re: [Jailkit-users] Security explanation about jailkit (and other)
Date: Tue, 26 Jun 2007 19:21:58 -0000
if you fail (2) your security might be worse than without a chroot jail. However, almost all jailkit utilities abort immediately if they detect such a jail. In the development version I've made these checks even more thorough.

Hi and thanks for your reply, now my ideas are clear!

But I have some doubts:

I tried jk_check -v -c /etc/jailkit/jk_check.ini jail
and the output shows me some errors (you can see the attached jk_check.output file)

my jk_check.ini is:

ignorepathoncompare = /home/jail/home, /home/jail/etc, /home/jail/tmp/
ignorewritableforgroup = /home/jail/tmp
ignorewritableforothers = /home/jail/tmp

I have just installed the jail env.

Similarly, if I do:

jk_update -vj /home/jail

checking jail/usr/bin/mawk
checking jail/usr/bin/tac
checking jail/usr/bin/find
checking jail/usr/bin/ssh
scannign dir jail/opt/ for outdated files
error while scannign dir jail/opt/: No such file or directory
(see the jk_update attachment for the whole file)

Why does jk_check show me the errors while, if I do a jk_update, the jail env
seems OK?

Maybe it is because jails aren't familiar to me,
and sorry if I take up a lot of your time, but if I wish to donate jail shells
to friends of mine, I prefer to be sure (especially about the security risk).

And last thing:

if I try to do ping host
ping: icmp open socket: Operation not permitted

(ssh to an internet host is OK).


