|
|
Subscribe / Log in / New account

Complexity

Complexity

Posted Mar 22, 2013 18:41 UTC (Fri) by dlang (guest, #313)
In reply to: Complexity by jezuch
Parent article: Anatomy of a user namespaces vulnerability

> The problem with chroot, as I was told, is that it is not and has never been a security mechanism.

It depends on how you define 'security mechanism'

chroot has always provided security in that processes in a chroot in that it prevented that process from accessing any files outside that chroot.

This doesn't mean that this security couldn't be bypassed (if you could get root inside the chroot), but if you did not have root in the chroot, it helped.

for example, if a server had a vulerability that allowed it to access arbitrary files on the filesystem, putting it in a chroot can be very useful.

to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy