Inside Jail

Author: JT Smith

“Jail chroots an environment and sets certain restrictions on processes which are forked from within. For example, a jailed process cannot affect processes outside of the jail, utilize certain system calls, or inflict any damage on the main computer. Jail is becoming the new security model. People are running potentially vulnerable servers such as Apache, BIND, and sendmail within jails, so that if an attacker gains root within the Jail, it is only an annoyance, and not a devastation. This article focuses on the internals (source code) of Jail and Jail NG. It will also suggest improvements upon the jail code base which are already being worked on.” Read the article at Daemon News.
