Re: [PATCH] User chroot

David Wagner (daw@mozart.cs.berkeley.edu)
27 Jun 2001 00:51:32 GMT


Paul Menage wrote:
>It could potentially be useful for a network daemon (e.g. a simplified
>anonymous FTP server) that wanted to be absolutely sure that neither it
>nor any of its libraries were being tricked into following a bogus
>symlink, or a "/../" in a passed filename. After initialisation, the
>daemon could chroot() into its data directory, and safely only serve
>the set of files within that directory hierarchy.
>
>This could be regarded as the wrong way to solve such a problem, but
>this kind of bug seems to be occurring often enough on BugTraq that it
>might be useful if you don't have the resources to do a full security
>audit on your program (or if the source to some of your libraries
>isn't available).

Or even where you have done a full security audit on your program, it is
often still useful to have backup protection. Belt and suspenders[*],
and all that.

[*] For those who are not familiar with the reference: If you really,
really want to avoid getting caught with your pants down, you might
wear both a belt and a pair of suspenders.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/