Slashdot Mirror

← Back to Stories (view on slashdot.org)

When Not to Use chroot

Posted by CowboyNeal on from the trust-no-one dept.

Hyena writes "Linux guru Alan Cox is quoted as saying 'chroot is not and never has been a security tool' in a KernelTrap article summarizing a lengthy thread on the Linux Kernel mailing list. The discussion began with a patch attempting to 'fix a security hole' in the Unix chroot command, trying to improve the ability of chroot to contain a process. When it was pointed out that people have been using chroot as a security tool for years, another kernel hacker retorted, 'incompetent people implementing security solutions are a real problem.' A quick search on the terms 'chroot+security' quickly reveals that many people have long thought (wrongly) that chroot's purpose was for improving security."

3 of 407 comments (clear)

  1. Re:misleading... by evilviper · · Score: 0, Troll

    Assuming that everyone running a server is going to be a super-genius who wants to spend all day researching everything-- having that expectation is retarded.

    No, what's stupid is suggesting that a mailing-list or forum full of unpaid experts should be compelled to answer your trivial questions is the 'retarded' part.

    So you get to save a couple hours, not having to search the archives for the last 100Xs they answered the exact same question, and they get to give that 5 minute answer to you, and also the 100,000 people who ask that question after you, because they, too, didn't want to spend any of their own time looking for the answers themselves.

    If you ask the experts, and don't get as much advice as you wanted, you're still better off than when you started. Insults aren't good, but of course I don't know that anyone was really insulted, as this is just one person's account of what happened... Some people have extremely thin skin, and will also often leave out the fact that they were spewing insults left and right when they didn't get the answer they wanted...
    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  2. Re:misleading...Re:Asshole Stereotype by evilviper · · Score: 0, Troll

    Man, things like this make me want to NOT switch to Linux... Even though I had a better experience with Ubuntu that I did Vista.

    You think Windows is better, just because there isn't a public record of every screaming rant Microsoft's heads deliver to their employees?

    As a beginner, you certainly shouldn't be mailing the Linux Kernel lists, and suggesting security methods...
    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  3. Re:misleading... by Ice+Station+Zebra · · Score: 0, Troll

    This is why I use qmail. After all, the RFC for smtp hasn't changed in how long, so why isn't postfix finished yet.