Hi Vaeth,
on Tue, Sep 16, 2008 at 07:14:48PM +0200, you wrote:
> > In addition, the default rsyncd configuration with Gentoo uses a chroot
> > jail.
> 
> Also a chroot jail is not a security feature: There are several ways known
> how to break out.

Huh? In the case of NAT it's reasonable to say it's not a security
feature---it's a kludge that happens to increase security somewhat in
the standard case. But there's only one reason I can see why you'd use a
chroot environment *except* for security and that's to have more than
one set of system binaries active at the same time for different
applications. Which is normally a pretty bad kludge in itself (not that
I hadn't done it, to avoid endless library woes on a Debian system that
absolutely must be kept on Woody... :-S), I'd say the vast majority of
chroot jails are there for nothing else but security.

cheers,
	Matthias
-- 
I prefer encrypted and signed messages. KeyID: FAC37665
Fingerprint: 8C16 3F0A A6FC DF0D 19B0  8DEF 48D9 1700 FAC3 7665