Re: What are "security implications" of FTP chroot jails?
- From: "C. J. Clegg" <reply.in.group@xxxxxxxxx>
- Date: Mon, 30 Oct 2006 23:32:33 -0500
On Mon, 30 Oct 2006 14:22:06 -0600, Moe Trin wrote:
Do you trust the individuals? (If not, why are they granted access?)
The users are either employees or customers. No one else is supposed to
get access EXCEPT via HTTP since we have a public-access website running
on that machine.
Do I trust them not to be malicious? Sure.
Do I trust them not to do something stupid out of ignorance? Uh.. not
really.
Is your system updated such that root exploits are going to be Day Zero
type exploits? The later means you have to stay on top of the system,
patching problems as soon as they are known.
And, therein lies the problem. I cannot do that on this machine, at least
not right now. It is what it is, we're stuck with FC2, and there is
nothing we can do about it for the near or mid-term future.
Believe me I have fought this fight and it's not a fight that can be won
any time soon.
One thing... you mention that it's relatively simple to break out of jail.
The only access that non-trusted users have is HTTP and FTP, and the FTP
users are chroot'd. No telnet for anybody, and no ssh for anyone but
employees, all of whom are trusted, and all of whom need to access via
more-or-less-trusted networks.
Still a problem?
.
- References:
- What are "security implications" of FTP chroot jails?
- From: C. J. Clegg
- Re: What are "security implications" of FTP chroot jails?
- From: Moe Trin
- What are "security implications" of FTP chroot jails?
- Prev by Date: Re: Security -- for Linux Server
- Next by Date: Re: Questions on secure remote access to Fedora Core 2
- Previous by thread: Re: What are "security implications" of FTP chroot jails?
- Next by thread: stress test software?
- Index(es):
Relevant Pages
|
