Secure Untrusted Applications with Chroot
"Security" is one of those "buzzwords du jour," and there seems to be as many approaches to security as there are opinions on Microsoft. However, unlike other hot topics (or "CEO hot buttons") that come and go, effort spent on security almost always pays off. Moreover, having a multitude of security techniques is a very good thing. There are umpteen ways to hack a system, and the savvy system administrator maintains a substantial and varied arsenal of countermeasures. Firewalls, honey pots, intrusion detection, and SSH are just a few tricks of the Linux security trade.
Application jails, also known as "change root jails" or "chroot jails," are another effective countermeasure. Supported by all Linux and Unix systems, application jails put up a nearly impenetrable barrier between the "jailed" software and the rest of the system. And because a jail is enforced by the operating system and not by an application, it can provide an enormous level of safety. A chroot jail "incarcerates" untrusted applications, and acts like a guard, almost literally, for applications that already have substantial security measures built-in.
This month, let's learn about jails. Let's throw an application into "solitary," and make it a model citizen.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.