Slashdot Mirror


When Not to Use chroot

Hyena writes "Linux guru Alan Cox is quoted as saying 'chroot is not and never has been a security tool' in a KernelTrap article summarizing a lengthy thread on the Linux Kernel mailing list. The discussion began with a patch attempting to 'fix a security hole' in the Unix chroot command, trying to improve the ability of chroot to contain a process. When it was pointed out that people have been using chroot as a security tool for years, another kernel hacker retorted, 'incompetent people implementing security solutions are a real problem.' A quick search on the terms 'chroot+security' quickly reveals that many people have long thought (wrongly) that chroot's purpose was for improving security."

1 of 407 comments

  1. Re:misleading...Re:Asshole Stereotype by tnk1 · Score: 0, Redundant

    Heck, I don't even know what chroot is, which must make me dried dog piss on a hot fire hydrant in this guy's eyes.


    On the other hand, you aren't trying to post a fix to a part of the OS that relies on knowledge you don't appear to have.

    My guess is that it's okay to be ignorant of the internals of the OS and system commands, just as long as you don't go trying to tell other people how they are supposed to work. I think that's probably fair.