What chroot() is really for
Posted Oct 6, 2007 23:22 UTC (Sat) by acorliss
In reply to: What chroot() is really for
Parent article: What chroot() is really for
No offense, but that's idiotic. There are many files on a system that are by design world readable (oh, say, /etc/passwd, for instance), and should be for regular users and processes. But that doesn't mean a process serving unknown and potentially hostile remote users should be able to get a list of accounts to attack on the system. Which is exactly the risk you should expect whenever you run a service that's designed to read files from a filesystem (like an http or ftp server).
Chroot isn't the be-all, end-all to this problem, but it's certainly a portable and effective tool that should be used along with others.
Your comments suggest you've never actually had to support publicly accessible systems, or understand information security. It certainly doesn't demonstrate your administrative competence.