Firewall Wizards: Re: chroot useful?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: chroot useful?

From: "C. Harald Koch" <chk () utcc utoronto ca>
Date: Tue, 18 Nov 1997 11:50:39 -0500

In message <199711172327.RAA23555 () argus-systems com>, Paul McNabb writes:

 
1) protecting against daemon/proxy flaws, such as stack overwrite bugs,
that would allow an attacker to get a daemon/proxy to do something it
wasn't designed to do,


Programmers make mistakes. Vendors run third-party software that wasn't
necessarily *designed* with security in mind. New security vulnerabilities
are found even in software designed for security. For all these reasons, I
believe that protecting against software flaws is very important, *even* in
environments where you control all of the software.

It's true that adding multiple protection layers, such as those in a
hardened OS, *can* increase complexity. Done right, however, it actually
*reduces* the amount of code you have to trust implicitly, which is a good
thing.

-- 
Harald

By Date By Thread

Current thread:

Re: Firewalling DCOM and brethren, (continued)
- Re: chroot useful? Anton J Aylward (Nov 17)
- RE: chroot useful? Joseph Judge (Nov 17)
- Re: chroot useful? Paul McNabb (Nov 17)
- Re: chroot useful? Paul McNabb (Nov 17)
  - Re: chroot useful? C. Harald Koch (Nov 20)
- Re: chroot useful? Anton J Aylward (Nov 20)
  - Re: chroot useful? chuck yerkes (Nov 21)
    - Re: chroot useful? Adam Shostack (Nov 21)
- Re: chroot useful? Paul McNabb (Nov 20)
  - Re: chroot useful? Colin Campbell (Nov 21)