Forum OpenACS Q&A: Response to Bugtraq: Oracle security

Posted by Jon Griffin on
I definitly think it should be chroot, and preferably a section (at least for linux) on adding the grsecurity patches to your kernel to make defeating a chroot even harder.

This is yet another reason to not use RH6.2 as a standard install. Also, I am working on some iptables rules which will help as well.