Linux Magazine: Go Directly to Jail

"'Security' is one of those 'buzzwords du jour,' and there seems to be as many approaches to security as there are opinions on Microsoft. However, unlike other hot topics (or 'CEO hot buttons') that come and go, effort spent on security almost always pays off. Moreover, having a multitude of security techniques is a very good thing. There are umpteen ways to hack a system, and the savvy system administrator maintains a substantial and varied arsenal of countermeasures. Firewalls, honey pots, intrusion detection, and SSH are just a few tricks of the Linux security trade.

"Application jails, also known as 'change root jails' or 'chroot jails,' are another effective countermeasure. Supported by all Linux and Unix systems, application jails put up a nearly impenetrable barrier between the 'jailed' software and the rest of the system. And because a jail is enforced by the operating system and not by an application, it can provide an enormous level of safety. A chroot jail 'incarcerates' untrusted applications, and acts like a guard, almost literally, for applications that already have substantial security measures built-in.

"This month, let's learn about jails. Let's throw an application into 'solitary,' and make it a model citizen..."

Complete Story

Related Stories:

• Linux Orbit: Chroot Jails Made Easy with the Jail Chroot Project(Oct 15, 2002)
• LinuxSecurity.com: Linux Data Hiding and Recovery(Mar 13, 2002)
• LinuxSecurity.com: Using Chroot Securely(Feb 12, 2002)
• LinuxFocus.org: Chrooting All Services in Linux (Feb 08, 2002)