Re: [Jailkit-users] Security explanation about jailkit

jailkit-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] Security explanation about jailkit

From:	Olivier Sessink
Subject:	Re: [Jailkit-users] Security explanation about jailkit
Date:	Tue, 26 Jun 2007 20:11:39 +0200
User-agent:	Icedove 1.5.0.12 (X11/20070607)

Pol Hallen wrote:

Hi,
i discoverd jailkit now and i afraid about its security.

I use debian stable with last version of jailkit.
I red in homepage info about security and (imho) I concluded that the best tohave a high security should be use jailkit on separate filesystem with nosuidflag.
But i'm however afraid :-|

Could someone help me to increase secutity settings?
Thanks!

as long as 1) you don't have any setuid-root binaries inside the chrootjail and 2) your / /lib/ /etc/ directories are owned root and notwritable for anybody else, you are pretty safe.

If you have setuid-root binaries (1), your security may (in the worstcase) be equal to having the process or user on the real system and notin the chroot jail at all. (it's never worse compared to no-chroot-jail)

if you fail (2) your security might be worse than without a chroot jail.However, almost all jailkit utilities abort immediately if they detectsuch as jail. In the development version I've made these checks evenmore thorough.


regards,
        Olivier

[Prev in Thread]

Current Thread

[Next in Thread]

[Jailkit-users] Security explanation about jailkit, Pol Hallen, 2007/06/26
- Re: [Jailkit-users] Security explanation about jailkit, Olivier Sessink <=

Prev by Date: RE: [Jailkit-users] Jailkit on Fedora 7
Next by Date: Re: [Jailkit-users] Jailkit on Fedora 7
Previous by thread: [Jailkit-users] Security explanation about jailkit
Next by thread: [Jailkit-users] Jailkit on Fedora 7
Index(es):
- Date
- Thread