"Ivan Barrera A." <Bruce@xxxxxx> writes:
>> In FreeBSD there is such a thing as a "jail" that restricts where
>> one can get to even if he breaks out of the server.Does Linux have
>> such a thing? Would that have prevented this breakin?
>> Just a thought...
>>
>
> chroot. works the same.
It's actually similar, but not identical. jail has more restrictions
than chroot does. See:
http://docs.freebsd.org/44doc/papers/jail/jail-4.html
If you use the grsecurity patch:
http://www.grsecurity.net/
you can configure your Linux chroot to behave similarly to jail.
I use this in conjunction with mod_chroot on some high-security
applications:
http://core.segfault.pl/~hobbit/mod_chroot/
And neither of these prevents break-ins; they limit the damage that
can be done if and when a break-in does occur. Fortunately that's
generally a big piece of what you care about, so they do improve
security quite a bit.
----ScottG.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|