Firewall Wizards mailing list archives

Re: chroot useful?


From: "Steven M. Bellovin" <smb () research att com>
Date: Thu, 13 Nov 1997 01:20:19 +0000

It is important to understand what chroot() is and what it isn't.  It is
not a virtualization of the machine.  Attempts to use it as such are
quite likely doomed.  It is a mechanism to virtualize file name access;
at that, it does quite a good job, and has since shortly after the first
public release in 1979.  (That version permitted chroot("..") out of the
subtree.)

Standard UNIX systems do not have a complete virtual environment.  There
have been various attempts to add these on, with more or less success.
But it's an area where one should tread cautiously.


                --Steve Bellovin
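
The distinction drawn above between virtualizing file name access and virtualizing the machine, as an added example that is not part of the original message: a child process enters a scratch directory with chroot() and reports which properties changed. The function name, result flags and the /tmp scratch path are assumptions made for this illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose chroot() and mkdtemp() in glibc */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/utsname.h>
#include <sys/wait.h>

enum { NAMES_CONFINED = 1, UID_UNCHANGED = 2, HOST_UNCHANGED = 4,
       CHROOT_REFUSED = 64 };   /* hypothetical result flags */

/* Child: enter the new root, then report what differs from before. */
static int probe(const char *newroot) {
    struct utsname before, after;
    struct stat st;
    uid_t uid = getuid();
    int r = 0;
    uname(&before);
    if (chdir(newroot) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return CHROOT_REFUSED;          /* typically EPERM without root */
    /* File names: "/" is now the scratch directory holding only our marker. */
    if (stat("/marker", &st) == 0 && stat("/etc", &st) != 0) r |= NAMES_CONFINED;
    /* The rest of the machine is still shared with the host. */
    if (getuid() == uid) r |= UID_UNCHANGED;
    if (uname(&after) == 0 && strcmp(before.nodename, after.nodename) == 0) r |= HOST_UNCHANGED;
    return r;
}

int chroot_scope_demo(void) {
    char dir[] = "/tmp/chroot-demo-XXXXXX", marker[64];
    int status = 0, fd;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(marker, sizeof marker, "%s/marker", dir);
    fd = open(marker, O_CREAT | O_WRONLY, 0600);
    if (fd >= 0) close(fd);
    pid_t pid = fork();
    if (pid == 0) _exit(probe(dir));    /* only the child is confined */
    if (pid > 0) waitpid(pid, &status, 0);
    unlink(marker);
    rmdir(dir);
    return (pid > 0 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void) { printf("flags=%d\n", chroot_scope_demo()); return 0; }
```

Run as root, all three flags are set: path lookups are confined to the new root while the uid and host name are unchanged. Without the privilege to call chroot() the function returns CHROOT_REFUSED.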


