There wasn't a security essence, for there is none. Security is just as strong as the weak link in the chain, and yeah, there is no point for you (or even me) to discuss anything more about it.
Bat ganun parang ang labo nito. Ok lang pala ibroadcast na lang natin mga root password tutal wala naman palang kwenta i-discuss ang security. Tsaka alam ko yung weakest link sa chain palagi yung bobong user.
And besides, the thread was about chrooting a user, not just jailing a process service like FTP or somesuch. If it were just that, then the set of considerations for chrooting would have been much, much smaller, and we wouldn't be dissing off on some petty matter concerning sudo, chroots and their usage. However, since this concerns real users who may be identified as `potentially hostile,' you will at the very least continue investigation into them without sounding the alarms... > remember grsec? (oo linux yun e!) ang alam ko isa sa mga SECURITY > feature niya is to PREVENT RECURSIVE CHROOTING. *cough cough* Yeah, grsec... it has been a long time since I've heard the word. Thanks for reminding me, I'll try that soon ;-) > as an example if you can give me a ROOT account in your impressively > recursive chroot environment. I can love your linux long time. :) Careful. If you have nothing good to say, don't say it at all. Go and love your own boxen.
eto recommendation ko: mkdir -p /home/chroot chmod -R 000 /home/chroot tapos rename root account to fake para instant fake-root for installations :). ayan ayos na ayos. no need to patch your kernel. Yipeee! _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
