  linux-magazine.com » Issues » 2008 » 91 » Sandboxing  

"Logging" In to a chroot

At this point, you'll be able to access the chroot with a command such as $ chroot /chroot/ bash, which will chroot you into the /chroot/ directory and execute bash from within it.

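As I mentioned, chroot is not an inherently secure method for isolating applications. By not logging into the chroot as a privileged user such as root, and by removing any setuid and setgid binaries that run with elevated privileges, you can ensure that nothing runs as root within the chroot environment. The following command, run from inside the chroot so that / is the chroot's root, lists the setuid and setgid files to review (current GNU find writes the "any of these bits" test as -perm /6000; the older +6000 form is no longer accepted):

# find / -type f -perm /6000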
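
The find check above, extended into an audit of a whole chroot tree as seen from the host. This is an added example, not code from the article: the function names are hypothetical, and /chroot/ in the usage comment is the article's path. It lists setuid/setgid files and, with --fix, clears the bits and re-checks.

```shell
#!/bin/sh
# Added example: audit a chroot tree for setuid/setgid files (hypothetical helper names).

# List regular files under $1 that carry the setuid or setgid bit.
# The two -perm tests are the portable spelling of GNU find's "-perm /6000".
# -xdev keeps find off filesystems mounted inside the chroot (proc, dev, ...).
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Print how many such files exist under $1.
count_suid_sgid() {
    list_suid_sgid "$1" | wc -l | tr -d ' '
}

# Clear both bits on every match; all other permission bits are left alone.
strip_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec chmod u-s,g-s {} +
}

# audit_chroot DIR [--fix]
# Returns 0 if the tree is clean (or was cleaned), 1 if setuid/setgid files
# remain, 2 if DIR is not a directory.
audit_chroot() {
    dir=$1
    mode=${2:-report}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    found=$(list_suid_sgid "$dir")
    if [ -z "$found" ]; then
        echo "clean: no setuid/setgid files under $dir"
        return 0
    fi
    echo "setuid/setgid files under $dir:"
    echo "$found" | while IFS= read -r f; do ls -ld "$f"; done
    if [ "$mode" = "--fix" ]; then
        strip_suid_sgid "$dir"
        # Re-scan rather than trusting chmod's exit status.
        if [ -z "$(list_suid_sgid "$dir")" ]; then
            echo "bits cleared"
            return 0
        fi
    fi
    return 1
}

# Usage (as root on the host):  audit_chroot /chroot/ --fix
```

Run the report mode first: a binary that loses its setuid bit stops working for unprivileged users inside the chroot, so decide per file whether it is needed at all.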

Conclusion

Sandboxing is now easier than ever and its benefits have never been more important. Isolating badly written web applications from the underlying operating system or letting an administrator install a program without affecting the system can save both time and money. Like anything, prevention and foresight can significantly reduce the amount of work needed to maintain and fix a system long term, and sandboxing offers a practical tool to accomplish this.

The Author

Kurt Seifried is an Information Security Consultant specializing in Linux and networks since 1996. He is married and has four cats but no fish (because the cats are more hungry than afraid of water). He often wonders how it is that technology works on a large scale but often fails on a small scale.
