On Tue, 29 Apr 2014 11:52:14 +0000 Patrick Schleizer <[email protected]> wrote:
> Marko Randjelovic: > > I was thinking about some kind > > of wizard: > > > > - create a chroot if doesn't already exist > > - create a launcher for your DE > > - create a shell script to run a program from terminal or a simple WM > > > > hint: chroot $CHROOT_PATH su - $USER -c "$command_with_args" > > chroot is not a security feature? > > As far I understand, chroots in Debian/Fedora aren't jails. > > Source: > https://securityblog.redhat.com/2013/03/27/is-chroot-a-security-feature/ > > > it is not really a security feature, it is closer to what we would call a > hardening feature. Well, we have the word "hardening" in the subject, I'm not sure what OP meant, probably he ment more "security" then "hardening", but grsecurity which is mentioned in wiki[1] contains features to prevent breaking out of chroot, so combined with grsecurity chroot might be called a security feature? [1] https://wiki.debian.org/Hardening/Goals -- http://markorandjelovic.hopto.org One should not be afraid of humans. Well, I am not afraid of humans, but of what is inhuman in them. Ivo Andric, "Signs near the travel-road" -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
