Re: Run them in a chroot jail
I think last time I checked, you could simply chroot out of a chroot "jail". I don't think it ever was designed to be a security feature.
So what do you think it was designed to be for?
To "break out", you need to be root. This is already a little bit of an impediment:
It should be noted that this document was written with protecting web servers from rogue CGI scripts in mind. Therefore it is not unreasonable to assume that a user has access to a Perl interpreter. It is then a matter for the user to gain root access via security holes on the box running the web server. Whilst this is outside the topic of the document, an attacker could make use of application programs which are setuid-root and have security holes within them. In a well maintained chroot() area such programs should not exist. However, it should be noted that maintaining a chroot()ed environment is a non-trivial task, for example system patches which fix such security holes will not know about the copies of the programs within the chroot()ed area. Ensuring that there are no setuid-root executables within the padded cell is going to be a must.
Well, today we have Virtual Machines.
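The check the quoted document calls "a must" (no setuid-root executables inside the chroot() area), written out as a small POSIX sh audit. This is an added example, not code from the thread or from the document quoted above; the function name and the jail path are assumptions. It flags every setuid file in the tree, not only root-owned ones, because nothing inside a padded cell should carry the bit at all, and the root-owned subset is reported separately since those are the ones that matter for the root-required "break out".

```shell
#!/bin/sh
# Added example: audit a chroot() area for setuid executables.
# Usage: audit_chroot_setuid /path/to/jail   (path is an assumption)
# Exit status: 0 = clean, 1 = setuid files found, 2 = bad argument.
audit_chroot_setuid() {
    jail="$1"
    [ -d "$jail" ] || { echo "not a directory: $jail" >&2; return 2; }

    # -xdev   : stay on the jail's filesystem (do not wander into bind-mounted /proc, /dev, ...)
    # -type f : regular files only
    # -perm -4000 : setuid bit set, any owner
    hits=$(find "$jail" -xdev -type f -perm -4000 2>/dev/null || true)
    if [ -z "$hits" ]; then
        echo "no setuid executables under $jail"
        return 0
    fi

    # The root-owned subset is the dangerous one: a hole in such a binary
    # yields uid 0 inside the jail, which is exactly what a chroot escape needs.
    root_hits=$(find "$jail" -xdev -type f -perm -4000 -user root 2>/dev/null || true)

    printf 'setuid executables found under %s:\n' "$jail"
    echo "$hits" | while IFS= read -r f; do
        ls -l "$f"
    done
    if [ -n "$root_hits" ]; then
        printf 'of which setuid-ROOT (must be removed or have the bit cleared):\n%s\n' "$root_hits"
    fi
    return 1
}
```

Run it after every package or patch update on the host, since, as the quoted document points out, the host's patching knows nothing about the copies living under the jail; clearing a finding is `chmod u-s` on the file or deleting it if the jailed service does not need it.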