Christos Panagiotakis wrote:
> Hello people (again).
>
> TSL claims to be and true it is a very secured Linux distro. What
> about to make it a little more secure? On most cases when a machine
> goes compromised is about 80% locally and not remote damage. E.g. from
> a user who has already an account on the machine.
>
> Searching the internet I found a tool which automatically makes Jail
> (chroot) environment for the local users. And I am wondering if this
> could be useful for Trustix Linux to put it in the update section or
> in the next TSL release like a tool or with help with an automated
> "useradd" script which will make "ready to run" jailed users.
>
> Any opinions on this?

What happens when you upgrade your system? Will the files available to the chrooted users still be outdated?

In all such jailing concepts I have seen, the jail is static and will over time become insecure. Not to the system, but to the users. This means that although it limits the problem, it also places your users in a situation where they use outdated software, and may have their accounts compromised, since the tools they are using are insecure.

Anyone having local users must be very much aware of the risks. While chrooting might help, it will only make things worse if not completely integrated into the rest of the system. All chroots must be updated every time the system changes via swup. I will be very surprised if this tool does in fact do that.

--
Christian H. Toldnes
Trustix Developer
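
The staleness problem raised in the reply above can be checked mechanically. The following is an added example, not part of the original message and not Trustix code: it compares every regular file in a jail with the file at the same relative path on the host and reports copies that have drifted. The names `audit_jail` and `demo` are hypothetical, and it assumes the jail was built by copying host files to identical relative paths.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_jail(jail_root, host_root="/"):
    """Return (stale, orphaned) file paths, relative to jail_root."""
    stale, orphaned = [], []
    for dirpath, _dirs, files in os.walk(jail_root):
        for name in files:
            jailed = os.path.join(dirpath, name)
            if os.path.islink(jailed) or not os.path.isfile(jailed):
                continue  # skip symlinks and device nodes
            rel = os.path.relpath(jailed, jail_root)
            host = os.path.join(host_root, rel)
            if not os.path.isfile(host):
                orphaned.append(rel)  # no host copy: upgrades never reach it
            elif sha256_of(jailed) != sha256_of(host):
                stale.append(rel)  # host copy changed since the jail was built
    return sorted(stale), sorted(orphaned)


def demo():
    """Constructed sample: a host tree that was upgraded after the jail was copied."""
    with tempfile.TemporaryDirectory() as tmp:
        host, jail = os.path.join(tmp, "host"), os.path.join(tmp, "jail")
        for root in (host, jail):
            os.makedirs(os.path.join(root, "bin"))
            os.makedirs(os.path.join(root, "lib"))
        samples = {"bin/sh": (b"sh-2", b"sh-1"), "lib/libc.so": (b"c-1", b"c-1")}
        for rel, (host_data, jail_data) in samples.items():
            for root, data in ((host, host_data), (jail, jail_data)):
                with open(os.path.join(root, rel), "wb") as handle:
                    handle.write(data)
        with open(os.path.join(jail, "bin/oldtool"), "wb") as handle:
            handle.write(b"removed-from-host")
        return audit_jail(jail, host)


if __name__ == "__main__":
    print(demo())
```

Files that differ by design inside a jail, such as a trimmed `etc/passwd`, will also show up as stale, so in practice the audit is best pointed at the binary and library directories and run after each system update.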
