Advanced.Linux.Networking..Roderick.Smith [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

Advanced.Linux.Networking..Roderick.Smith [Electronic resources] - نسخه متنی

Roderick W. Smith

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید








Chapter 23.
Configuring a chroot Jail


Every server must be able to read certain
local files, and some servers must be able to change at least some local files.
If these powers can be warped to serve the needs of an attacker, that attacker
can corrupt your system's configuration, gain more power, and ultimately gain
complete control of your system. What, though, if that corrupted system is
really just a subset of the real computer, and a
subset with very limited abilities? This is the idea behind a chroot jailto
run a server in an environment so limited that it won't do an attacker any good
if the server is compromised.

Not all servers operate well in a chroot jail,
but some are designed to be used in this way. For those servers that support chroot operation, you must set up both the server's configuration options and a
limited chroot environment in which the server can run.









Chapter 23.
Configuring a chroot Jail


Every server must be able to read certain
local files, and some servers must be able to change at least some local files.
If these powers can be warped to serve the needs of an attacker, that attacker
can corrupt your system's configuration, gain more power, and ultimately gain
complete control of your system. What, though, if that corrupted system is
really just a subset of the real computer, and a
subset with very limited abilities? This is the idea behind a chroot jailto
run a server in an environment so limited that it won't do an attacker any good
if the server is compromised.

Not all servers operate well in a chroot jail,
but some are designed to be used in this way. For those servers that support chroot operation, you must set up both the server's configuration options and a
limited chroot environment in which the server can run.



/ 201