Talk:Chroot


This article could perhaps also discuss chrootuid(1). See the README and Wietse Venema's page of tools and papers. --Vinsci 08:08, 28 September 2007 (UTC)

Slashdot...

http://it.slashdot.org/article.pl?sid=07/09/27/2256235&from=rss

The article right-out contradicted the discussion there. It has since been changed, but now it doesn't really make sense anymore. Shinobu 12:16, 28 September 2007 (UTC)


Further to Shinobu's comment, the present Wikipedia article is in error, or at least oversimplifying, to say "The chroot mechanism itself is not secure against intentional tampering. On POSIX-compliant systems, for example, chroot contexts do not stack properly and chrooted programs may perform a second chroot to break out." The referenced "second chroot" link itself [1] points out that a chroot jail is only insecure if the user running in the chroot jail is root. It specifically points out that proper usage is to run as non-root user in the chroot jail, and then the referenced exploit cannot be used. Certainly no technique is absolute proof against all code bug based exploits, but a chroot jail is a valuable security tool. To claim otherwise is revisionist, and the claimant would have to explain away the fact that such popular and well regarded Linux server distros as Red Hat / Fedora run named in a chroot jail specifically for security reasons. Finally, the claim that chroot was originally devised for purposes other than as a security tool may be presumed to be true, but that hardly means that it cannot be used as one. Fnj2 15:37, 28 September 2007 (UTC)