Alternative to chroot jail

Tuesday, 25 October 2005

Wrappers which intercept system calls of specific programs at kernel level, in order to restrict the capability of an attacker who has taken ownership of a firewall process.

wrappers add security functionality to an operating system which helps improve firewalls� [which] implies that operating system controls are not very helpful � after all, not much about them has changed in 40 years.�

Not suprisingly, the developers found it hard to wrap programs running within the JVM, because the VM itself needs unfettered access to several critical system calls.

Question: if the barbarians control the gate, is there any perimeter defense left? After all, most machines which host firewalls do not have any thing of value.

The entry 'Alternative to chroot jail' was posted on October 25th, 2005 at 10:45 am and is filed under Thinking IT. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Alternative to chroot jail

Leave a Reply

Recent Comments

Pages

Links

Non-programming

Python

Archives

Categories

Meta