Slashdot Mirror


When Not to Use chroot

Hyena writes "Linux guru Alan Cox is quoted as saying 'chroot is not and never has been a security tool' in a KernelTrap article summarizing a lengthy thread on the Linux Kernel mailing list. The discussion began with a patch attempting to 'fix a security hole' in the Unix chroot command, trying to improve the ability of chroot to contain a process. When it was pointed out that people have been using chroot as a security tool for years, another kernel hacker retorted, 'incompetent people implementing security solutions are a real problem.' A quick search on the terms 'chroot+security' quickly reveals that many people have long thought (wrongly) that chroot's purpose was for improving security."

2 of 407 comments

  1. No, jails are for security by kevmeister · Score: 0, Flamebait

    The correct answer is to use jail(8) for security. That's why they exist and what they are intended for. Does Linux have jails yet? Maybe you need to switch to a BSD-based system.

    --
    Kevin Oberman, Network Engineer, Retired
  2. Who is he anyway? by ByTor-2112 · Score: 0, Flamebait

    Just because someone has written some code and has poor personal hygiene doesn't mean what they think is the end-all of a topic, much less that everything that comes out of their mouth is some fantastic headline.