Security Basics mailing list archives

RE: To chroot or not to chroot?

From: "Jeroen van Meeuwen" <kanarip () pczone-clan nl>
Date: Thu, 24 Nov 2005 21:32:16 +0100

Martin,

You could consider setting up a restrictive SELinux environment.

Kind regards,

Jeroen van Meeuwen

--
kanarip

-----Original Message-----
From: Martín Villalba [mailto:famafcs () gmail com]
Sent: Wednesday, November 23, 2005 19:58
To: security-basics () securityfocus com
Subject: To chroot or not to chroot?

Hi, list! Maybe you can help me with this: I'm about to install a
webserver, which should have an http server, webmail, php support,
dns, ftp, remote login and a couple more things. Obviously, with all
those ports open, I must take every security measure I know (and some
I don't). But here comes my doubt: should I jail the webserver with
chroot? My first thought was "Duh, yes!", but thinking about it,
having all those services running at the same time, do I really make
any difference? It seems to me that in such environment a cracker (no,
i'm not writing "hacker") could do anything he (maybe she?) wants...
Ideas? Suggestions? Donations (cash, please)?
C-you

Martín

Current thread:

To chroot or not to chroot? Martín Villalba (Nov 24)
- RE: To chroot or not to chroot? Jeroen van Meeuwen (Nov 24)
- Re: To chroot or not to chroot? Josh Tolley (Nov 25)
- Re: To chroot or not to chroot? darren kirby (Nov 25)