Re: Breaking out of chroot

From: Floyd Davidson (floyd_at_barrow.com)
Date: 08/26/03


Date: 25 Aug 2003 14:26:26 -0800

mru@users.sourceforge.net (Måns Rullgård) wrote:
>Floyd Davidson <floyd@barrow.com> writes:
>
>> mru@users.sourceforge.net (Måns Rullgård) wrote:
>>>Admittedly, the risk of having a buggy program inside the
>>>chroot is smaller ...
>>
>> ...
>>
>>>I only showed that chroot is useless
>>>for this purpose.
>>
>> It seems you've shown that it is *useful* for that purpose.
>
>How is that? Any non-zero risk for breach of security should be
>considered as 100%. If there's a way, someone will find it, if
>motivated. Putting things in a chroot environment for protection is
>only false security, which often is worse than no security at all.

There is no such thing as a zero risk security solution. If you
refuse to use any non-zero risk methods you might as well just
buy that latest OS from MicroSoft and live with it.

Security is a moving target, and knowing where the next exploit
will be found is not possible. Hence chroot has the potential
to _minimize_ risk by reducing exposure to unneeded resources
that could be the source of the root breakin that you have noted
is necessary.

Exploits using resources that you aren't making available do
not result in security breaches.

-- 
Floyd L. Davidson           <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska)                         floyd@barrow.com

