On Sat, 2005-11-19 at 14:02, Lamar Owen wrote:
> So much for older and simpler is better; why don't we go back to VMS? It's substantially more secure than Linux (the Linux kernel and heritage is not 30 years old, because Linux is not Unix).
The VMS model isn't older and simpler than unix - it is more complex and around the same age. The unix model was intentionally simplified by someone familiar with Multics, an older and much more complicated system. People have had a choice between VMS and unix for a long time and VMS found a very small niche of popularity. Linux may not be unix but its design goal was to provide the same api - and for good reasons.
> > The mechanism was there all along, the policy wasn't - and the policy didn't belong in the kernel.
> Sure, the policy of chroot is indeed in the kernel, and the kernel enforces the chroot, no?
No, the kernel provides the mechanism of chroot, and has more or less forever. A policy of using it or not is left up to you. Simplicity in the kernel.
> The other typical answer to exploits is firewalling: pray tell where that policy is enforced.
The best place is on a separate box from anything that it should be protecting.