Bashscripts.org

i saw jailshell on few hosting servers, got too much restriction on it. But i cant find even its homepage? anybody knows something about jailshell ? where can i reach sources?

I believe jailshell is a "cpanel" thing...... not something you can just download.
You might also look into this: http://olivier.sessink.nl/jailkit/howto ... shell.html

please note that chroot is not a security tool, by that I mean that it's easy to break out of.

i also could not find jailshell either

thanks for replies. i searched it, cos i really hated it.

I am just curious how a chroot is not a security tool? A properly configured chroot would not be easy to break out of, and I am open, and would love to hear how it could be done so I could be corrected. I run my personal services in chroots and have never had an issue with it at all, I prefer to run chroots. Just like any other service if not properly maintained yes it could be exploited, but this is not chroot specific this applies to any service.

http://kerneltrap.org/Linux/Abusing_chroot
http://www.bpfh.net/simes/computing/chroot-break.html

In many circumstances chroot will improve security however a knowledgeable cracker will easily bypass it once root access is obtained. I believe that the latest version running on BSD is more secure.

There are many places that detail that chroot is not for security however they're buried in the mass of articles saying how it improves security of that particular organisation's application. Probably because they cannot be arsed to fix their security issues themselves lol.

As I understand it the tool was never designed to be a security tool so therefore it isn't. It would not surprise me if that is not changed soon due to the number of people using it as such.

Alan Cox, a major person in the Linux world, made the following comment...

"chroot is not and never has been a security tool. People have built things based upon the properties of chroot but extended (BSD jails, Linux vserver) but they are quite different."

It is likely that correct use of SE Linux would give much better security.

duh........ roflmao

perhaps even an "un-knowledgeable" one might as well

----------- I would always want too assume that no one but myself has "root" access, because once they have root, they have compromised the server beyond any hope of me trusting it again.

root access is not required, it just makes it very easy

hmm, well then I guess I will just admit to being humbled, I knew chroots could be broken out of, but I really did not think it was a walk in the park, given that it was setup correctly, and maintained.