Re: [Hampshire] chroot vs. virtual machine.

Author: James Courtier-Dutton
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] chroot vs. virtual machine.
2009/7/28 Hugo Mills <hugo@???>:
> On Tue, Jul 28, 2009 at 11:56:52AM +0100, James Courtier-Dutton wrote:
>> All I wish to run is a DNS bind server and an Apache J2EE application server.
>> What real benefits will a virtual machine have over a chroot environment?
>> I am on the side that says that chroot should be good enough.
>> chroot makes much more effective use of filespace between multiple
>> chroot environments.
>
>   As long as neither application is running as root, a chroot should
> be sufficient. However, once you have something running as root inside
> a chroot, it's trivial for it to break out of the chroot. (I forget
> the exact mechanism, but I think it's about two commands to do it, and
> is expected and designed behaviour).
>
Ah, I just googled for "break out of chroot" and it has some
explanations of how to do it.
I would have to somehow block the "break out" method before I used it.
So, I guess I will have to use some VM instead for now. I think VMs
are more secure at the moment purely because more people are using
them, so more bugs in security get found and quashed.
I have known exploits in VMs, but most of them are fixed now.
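Added example (not part of this thread, and not code from either poster): a small audit script that applies the rule Hugo states above, namely that a chroot is only a reasonable boundary for a process that is not root inside it. It reads the per-process `Uid`, `CapEff` and root-link information that Linux exposes under `/proc`, flags any chrooted process that still has an effective UID of 0 or any effective capabilities, and also shows the privilege-drop order (chroot, chdir, setgroups, setgid, setuid) a daemon should follow before it serves requests. The embedded `/proc` sample, the pids and the paths under `/srv/chroot/` are constructed for illustration; the function names are mine.

```python
"""Audit which processes are chrooted but still privileged (added example)."""
import os

# Constructed sample of /proc/<pid>/status contents (not captured from a real host).
SAMPLE_STATUS = {
    101: "Name:\tnamed\nPid:\t101\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n"
         "CapEff:\t000001ffffffffff\n",
    102: "Name:\tjava\nPid:\t102\nUid:\t1001\t1001\t1001\t1001\n"
         "Gid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000000000\n",
    103: "Name:\tsshd\nPid:\t103\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n"
         "CapEff:\t000001ffffffffff\n",
}
# Constructed sample of the targets of the /proc/<pid>/root symlinks.
SAMPLE_ROOT = {101: "/srv/chroot/bind", 102: "/srv/chroot/tomcat", 103: "/"}


def parse_status(text):
    """Extract name, real/effective UID and effective capability mask from status text."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key] = value.strip().split("\t")
    uids = fields.get("Uid", ["-1"])
    return {
        "name": fields.get("Name", ["?"])[0],
        "uid": int(uids[0]),
        "euid": int(uids[1]) if len(uids) > 1 else int(uids[0]),
        "cap_eff": int(fields.get("CapEff", ["0"])[0], 16),
    }


def classify(status, root):
    """Apply the rule: a chroot only confines a process that is not privileged inside it."""
    chrooted = root != "/"
    privileged = status["euid"] == 0 or status["cap_eff"] != 0
    if chrooted and privileged:
        return "RISK: chrooted but still privileged; the chroot is not a boundary here"
    if chrooted:
        return "ok: chrooted and unprivileged"
    return "not chrooted"


def audit(statuses, roots):
    """Classify every pid present in both maps."""
    return {pid: classify(parse_status(statuses[pid]), roots[pid])
            for pid in statuses if pid in roots}


def audit_live_proc():
    """Run the same check against the real /proc (Linux only; unreadable pids are skipped)."""
    statuses, roots = {}, {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"/proc/{pid}/status") as fh:
                statuses[pid] = fh.read()
            roots[pid] = os.readlink(f"/proc/{pid}/root")
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            statuses.pop(pid, None)
    return audit(statuses, roots)


def enter_chroot_unprivileged(root, uid, gid):
    """Privilege-drop order a daemon should use; must be called while still root.

    chroot first (needs root), then chdir so no open directory handle points
    outside, then drop supplementary groups, gid and uid in that order.
    """
    os.chroot(root)
    os.chdir("/")
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    # Sanity check: a correctly dropped process cannot regain uid 0.
    try:
        os.setuid(0)
    except PermissionError:
        return True
    raise RuntimeError("privileges were not dropped; refusing to continue")


if __name__ == "__main__":
    for pid, verdict in sorted(audit(SAMPLE_STATUS, SAMPLE_ROOT).items()):
        print(pid, verdict)
```

Running the script as-is only evaluates the constructed sample; `audit_live_proc()` does the same against a real Linux host, and `enter_chroot_unprivileged()` is the pattern to build into the daemon's own start-up (or to check for in an init script) rather than something the audit runs.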