Three layers of defense we might have

• Properly-programmed and configured server software, I.e. security bug-free

• Operating system user name and file permissions providing some protection

• Chroot and various jailing technologies

  • FreeBSD jail(1)
  • Various system call monitors

• Alas, chroot is the only standard

Previous slide

Next slide

Back to first slide

View graphic version