Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: chroot useful?

From: mcnabb () argus-systems com (Paul McNabb)
Date: Tue, 11 Nov 1997 11:33:34 -0600
 From: "Joseph S. D. Yao" <jsdy () cospo osis gov>
 
 Similarly, chrooting is a deterrent, not a guarantee (and, especially,
 not as much of a guarantee as it used to be).  Yes, it would be nice if
 it compartmented more than it did.  In fact, that's an interesting
 idea: as chroot partitions the file system, perhaps there might be
 other services to partition off other kernel services?  For the future.


All B1 systems do this now, and B1 versions are available for most
commercial OS products.  Other products, such as Argus's Decaf do
partitioning as well, but without the B1 mechanisms.  This is the main
argument used for B-level security.

paul

---------------------------------------------------------
Paul McNabb                     Argus Systems Group, Inc.
Vice President and CTO          1809 Woodfield Drive
mcnabb () argus-systems com        Savoy, IL 61874 USA
TEL 217-355-6308
FAX 217-355-1433                "Securing the Future"
---------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: