KernelTrap: BSD Jail With LSM Framework

Sep 15, 2004, 07:00 (0 Talkback[s])

"Serge Hallyn posted a set of three patches to the lkml that together implement a subset of the BSD Jail functionality into the Linux kernel using the Linux Security Modules (LSM) framework. Serge explains that with the patch, 'a process in a jail lives under a chroot which is not vulnerable to the well-known chdir(...)(etc)chroot(.) attack against normal chroots, and may be locked to one ip address.'

"The third patch in the set contains documentation for the module, which notes that in addition to the features listed above, if a process is in a jail it cannot mount or unmount, it cannot send signals outside of the jail, it cannot ptrace processes outside of the jail, it cannot create devices, it cannot renice processes, it cannot load or unload kernel modules, it cannot change network settings, and it cannot see the contents of /proc/ entries of processes not within the same jail..."
