Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
Indeed. As I see it, chroot can be used to protect against accidental bugs, but not deliberate ones.
For example, a non-malicious mistake in a program could quite easily delete the wrong file. Chroot could make that file inaccessible to that process, thereby protecting it.
It's very easy to exit the chroot jail deliberately, but hard to do so inadvertently. So it's still a useful tool to protect against innocent mistakes, but not against evil.
The isolate utility
Posted Jan 6, 2010 10:46 UTC (Wed) by iq-0 (subscriber, #36655)
Security is the sum of it's parts and no matter how evil you are, you still must exploit a weakness and anything that limits the possible weaknesses (even if it's one less) helps.
So this does help against evil even though it's not an end-all solution.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds