[GLLUG] Chroot Jails in Linux

Caleb Cushing xenoterracide at gmail.com
Fri Mar 2 22:54:02 EST 2007


To prove a point, Linux has chroot jails. I'm not sure how they stack up
to BSD's jails, but they exist.

To quote: "grsecurity now includes many additional memory address
space protections to prevent buffer overflow exploits from succeeding,
as well as enhanced chroot( ) jail restrictions, increased
randomization of process and IP IDs, and increased auditing features
that enable you to track every process executed on a system.
grsecurity also adds a sophisticated access control list system that
makes use of Linux's capabilities system. This ACL system can be used
to limit the privileged operations that individual processes are able
to perform on a case-by-case basis." --Network Security Hacks, Hack
13.

I'm 90% sure that chroots can be done with SELinux as well. I'm not
sure about RSBAC or AppArmor, though. (I think I missed one.)

