On 11/2/2012 10:58 AM, Mircea Ciocan wrote: > http://lwn.net/Articles/252794/ > "chroot() is a useful call, many install programs use it, as do > programs that need to see a consistent set of older libraries, but it > has very limited use in security applications. > It does NOT provide a sandbox that can be used to test suspicious > code, that code might escalate its privilege and access anything it > wished. > Maintaining an up-to-date chroot() environment adds an additional > burden on administrators as well; update tools do nothing to help keep > utilities secure if they live outside of the normal places. > It is probably safest to avoid using it as any kind of security tool." mea culpa, ca n-am fost precis; testare as in 'bagam programul asta in productie, dar pana e gata mai trebuie configurari si rulari de mana' nu testare de exploituri si mai stiu eu ce ... desi niciodata nu poti sa fii sigur :-P deci chroot ar cam fi cea mai buna solutie in cazul asta, chiar n-am chef sa bag o masina virtuala pentru asa ceva, ma multumesc cu 98.5% safe decat 99%, ca 100% nu va fi niciodata :-P
Alex _______________________________________________ RLUG mailing list [email protected] http://lists.lug.ro/mailman/listinfo/rlug
