On Mon, 01 Jul 2002 00:10:46 -0600 FemmeFatale <[EMAIL PROTECTED]> said with temporary authority
> daRcmaTTeR wrote: > <Giant snip> > > And I love the fact that it chroot, (jails) things by default, so > > there isn't any hair-pulling to get that taken care of. > > > sounds like a cool ftp file program. stupid question: why is chroot > a good thing? > > Jail? Scuse me i'm slow today :) > > -- > Femme > > Good Decisions You boss Made: > > "We'll do as you suggest and go with Linux. I've always liked that > character from Peanuts." > > - Source: Dilbert Femme, In the past script kiddies have used some of the original capabilities of ftp to login, and take over computers. ie ftp up a program (root-kit, etc) then login to the ftp directory compile it and run it. When you chroot the program root gets set to the directory the user is in. As far as they are concerned there exists nothing higher on the directory tree than where they are This means that if they do manage to exploit something the damage they can do is limited to the "jail" that they are in. Other advantages include, but not limited to, 1. They can only use utilities that exist in that chroot jail ie ls ps etc are local and any changes made to them aren't going to affect the box as a whole. 2. Nib Nosers can't poke around your box and find your secret stash of Britney Spears photo's 3. breaking out of the jail is one more line of defense. These are but a few reasons why programs get chrooted. Chroot is also useful if you have rebooted without running lilo first. It allows you to boot from a rescue disk, mount the HDD and run lilo as if your root was the mount point instead of the real / James > > > >
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
