:~>Could you expand on this "chrooted" operation, or at least tell me
:~>where I can RTFM ??
:~>vern
Sorry, I thought everyone knows this...
[root@localhost denis]# rpm -qf `which chroot `
sh-utils-2.0-6mdk
man page:
CHROOT(1) FSF CHROOT(1)
NAME
chroot - run command or interactive shell with special
root directory
...
SEE ALSO
The full documentation for chroot is maintained as a Tex�
info manual. If the info and chroot programs are properly
installed at your site, the command
info chroot
should give you access to the complete manual.
info:
File: sh-utils.info, Node: chroot invocation, Next: env invocation,
Up: Modi\
fied command invocation
`chroot': Run a command with a different root directory
=======================================================
`chroot' runs a command with a specified root directory. On many
systems, only the super-user can do this. Synopses:
chroot NEWROOT [COMMAND [ARGS]...]
chroot OPTION
Ordinarily, filenames are looked up starting at the root of the
directory structure, i.e., `/'. `chroot' changes the root to the
directory NEWROOT (which must exist) and then runs COMMAND with
optional ARGS. If COMMAND is not specified, the default is the value
of the `SHELL' environment variable or `/bin/sh' if not set, invoked
with the `-i' option.
The only options are `--help' and `--version'. *Note Common
options::.
etc. In my opinion, chroot may be a nice way to fool any future viruses or
trojans. Drawback is that you actually have to install whatever is needed
to read your attachements below this directory, which means that you need
a lot of place for it - it is like having a (subset of) distribution
installed twice. On the other hand, whatever a virus/trojan does it will
do to this "second" system, where it does bother you because it can be
easily detected and repaired, and does not interfere with working of the
system!
If "place" on HD is not a problem, this is absolutely the best way to deal
with executing mail attachements.
cu
Denis
:~>
:~>Denis HAVLIK wrote:
:~>
:~>> Would not help you much. What WOULD help is having all programs started
:~>> from mail programs chrooted to somewhere where they cannot do any damage.
:~>>
:~>> my 2c
:~>>
:~>> Denis
:~>> --
:~>> -----------------------------------------------------
:~>> Dr. Denis Havlik <http://www.ap.univie.ac.at/users/havlik>
:~>> Mandrakesoft ||| e-mail: [EMAIL PROTECTED]
:~>> Quality Assurance (@ @) (private: [EMAIL PROTECTED])
:~>> -------------------oOO--(_)--OOo---------------------
:~>> Hi! I'm a .signature virus! Copy me into your ~/.signature to help me
:~>> spread! ([EMAIL PROTECTED])
:~>
--
-----------------------------------------------------
Dr. Denis Havlik <http://www.ap.univie.ac.at/users/havlik>
Mandrakesoft ||| e-mail: [EMAIL PROTECTED]
Quality Assurance (@ @) (private: [EMAIL PROTECTED])
-------------------oOO--(_)--OOo---------------------
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me
spread! ([EMAIL PROTECTED])
