Virtualization or chroot more secure?

danielibarnes:

--- Quote ---Are web servers your main motivation for virtualization?
--- End quote ---

No, we use them primarily for software development as we can get four 2GB development VMs on one 12GB ESXi server (about 4GB overhead). I do, however, have a system with a number of services, each running in a separate VM: iptables/dnsmasq, ntpd, NIS, NFS, lighttpd, etc. Basically, I just chroot lighttpd because I can do so quite easily.

I'd say running web browsers in a chroot is worth it. Maybe even a "howto" for opera, minefield, etc. would be useful. The kerneltrap article centered around neglecting to drop privileges after chroot, which of course is not secure. So long as you do not put any setuid binaries in your chroot (busybox drops privileges for applets which do not require it) and you drop privileges when executing the chroot, I expect you will at least get protection from malicious code which does not expect and provide exploits for escaping a chroot.
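
The chroot-then-drop-privileges sequence described in the post above, as an added example that is not part of the original thread. The function name `confine_and_drop` and its return codes are hypothetical; the launcher assumes it is started as root and that the jail holds no setuid binaries.

```c
/* Added example: enter a chroot, drop root for good, then exec the program. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical return codes for this example. */
enum { JAIL_OK = 0, JAIL_BAD_ID = -1, JAIL_CHROOT = -2, JAIL_DROP = -3, JAIL_REGAIN = -4 };

/* Returns JAIL_OK only if the process is inside `jail` and can no longer become root. */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return JAIL_BAD_ID;   /* staying root inside the jail defeats the purpose */

    /* chdir first so no working directory is left pointing outside the new root. */
    if (chdir(jail) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return JAIL_CHROOT;

    /* Order matters: supplementary groups, then gid, then uid.
       Once setuid() succeeds there is no privilege left to change the others. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_DROP;

    /* Verify the drop is permanent: regaining uid 0 must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0 ||
        getuid() != uid || geteuid() != uid || getgid() != gid)
        return JAIL_REGAIN;

    return JAIL_OK;
}

int main(int argc, char **argv)
{
    if (argc < 5) {
        fprintf(stderr, "usage: %s JAIL UID GID PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }
    int rc = confine_and_drop(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3]));
    if (rc != JAIL_OK) {
        fprintf(stderr, "confine_and_drop failed (%d): %s\n", rc, strerror(errno));
        return 1;
    }
    execv(argv[4], &argv[4]);   /* PROGRAM is resolved inside the jail */
    perror("execv");
    return 1;
}
```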

curaga:
Even if there was a flaw in Opera, as mentioned, only root can escape from chroot (easily :P). The attacker would need all three of opera flaw, privilege escalation, and code to exit from chroot.

tinypoodle:
When asking the question about comparison of vmware versus chroot as quoted in OP, of course all of the above factors were meant to be implied as I had assumed they would be self-understood in context.

curaga:
Ref reply 4, I guess not :)

Ulysses_:
Alright, I'm bought. Would someone with in-depth knowledge care to write a "howto" for opera?
