Firewall Wizards mailing list archives
Re: chroot useful?
From: Claudio Telmon <claudio () link it>
Date: Sun, 09 Nov 1997 19:35:41 +0100
Darren Reed wrote:
Not *BSD anyway. Procfs (and kernfs) can be excluded from the kernel when you build them. Although they can then be modloaded, if you're allowing modloads in multiuser mode on your firewall, then you're just asking for trouble.
Yes, you can do the same on linux: compiling the kernel without proc filesystem and loadable module support. With the proc filesystem it's just more simple, but as you and others pointed out, on a typical system the whole thing is not becoming root, or else everything is possible. Thanks ciao - Claudio
Current thread:
- chroot useful? Claudio Telmon (Nov 08)
- Re: chroot useful? Darren Reed (Nov 09)
- Re: chroot useful? Claudio Telmon (Nov 09)
- Re: chroot useful? Joseph S. D. Yao (Nov 10)
- Re: chroot useful? Andreas Siegert (Nov 12)
- Re: chroot useful? chuck+fwwiz (Nov 10)
- <Possible follow-ups>
- Re: chroot useful? Paul McNabb (Nov 12)
- Re: chroot useful? Steven M. Bellovin (Nov 13)
- Re: chroot useful? C Matthew Curtin (Nov 21)
- Re: chroot useful? Steven M. Bellovin (Nov 13)
- Re: chroot useful? Paul McNabb (Nov 12)
- Re: chroot useful? Douglas R. Steinbaum (Nov 13)
- Re: chroot useful? Darren Reed (Nov 14)
- Re: chroot useful? Steven M. Bellovin (Nov 14)
(Thread continues...)
- Re: chroot useful? Darren Reed (Nov 09)