From: Enrico Weigelt
To: gentoo-user@lists.gentoo.org
Date: Fri, 13 Aug 2010 21:05:33 +0200
Subject: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?]
Message-ID: <20100813190533.GB26738@nibiru.local>
In-Reply-To: <4C657BCA.9000703@gmail.com>

* Bill Longman wrote:

> Basically just run VMWare/Virtualbox etc and put the services in there.

Well, these solutions are way "bigger" (iow: more resource intensive), since they run a complete operating system instance within the virtual machine.

> No, chroots are NOT the same. They run on the same system.

Well, chroots have not much to do with containers (even though containers could be said to include chroot as a building block) - they just run certain processes with a different root directory (iow: these processes just see a subdirectory as if it were the whole filesystem). That's nice for testing purposes or to isolate different kinds of programs/libraries (eg. use different libc's, ABIs or calling conventions, 32bit subsystems on a native 64bit host, etc, etc), but they don't really add security.
cu
--
----------------------------------------------------------------------
Enrico Weigelt, metux IT service -- http://www.metux.de/
phone: +49 36207 519931 email: weigelt@metux.de mobile: +49 151 27565287
icq: 210169427 skype: nekrad666
----------------------------------------------------------------------
Embedded Linux / Porting / Open-source QM / Distributed Systems
----------------------------------------------------------------------