19 Jan
2005
19 Jan
'05
09:43
On Mon, Jan 17, 2005 at 02:45:00PM +1300, Mike Tierney wrote:
Does anyone know if there is any extra chroot protection in the SuSE kernels?
There is no extra chroot protection.
Apparently crafty people can "break out" of chroot jail's but there are 3rd party patches that make this much harder to do, patches like Grsecurity, maybe Openwall(?) and Linux Vserver (linux-vserver.org), etc. I don't have a problem taking a vanilla kernel and patching it... but then I'd miss out on things like Oracle Certification, etc.
So yes.... does anyone know offhand if the SLES kernels have had their chroot security increased? Alas I'm not a kernel hacker or I'd go take a peek at the source myself! :)
No, they don't. Ciao, Marcus