Complete.Org: Mailing Lists: Archives: gopher: January 2002:
[gopher] Re: Security issues in Gopher?

To: gopher@xxxxxxxxxxxx
Subject: [gopher] Re: Security issues in Gopher?
From: Robert Hahn <rhahn@xxxxxxxxxxxxxx>
Date: 23 Jan 2002 15:42:49 -0000
Reply-to: gopher@xxxxxxxxxxxx

Kind of an FYI:

I re-read the man page in light of what I learned in this thread (thanks to all 
who contributed - great explanations!), and I realized my confusion.  The man 
page says it sets the new root directory - and I thought it meant the home 
directory for user root, not the root of the filesystem. Tricky.

I wonder who I would send that kind of feedback to?

-rh


John Goerzen wrote:
> 
> Robert Hahn <rhahn@xxxxxxxxxxxxxx> writes:
> 
> > Interesting.  I manned chroot last night, which gave me a clear answer as 
> > to what and how, but, as is typical with all man pages, lacks a 'why'. :P
> > 
> > So, can you explain what the significance of chroot* is and how it
> > increases security?  Especially as it compares to running a server
> > either as 'nobody' or (horrors) root?
> 
> It means that the files not under that directory are completely and
> forever inaccessible* to that process and all of its children.  Even a
> process running as nobody can read /etc/passwd.
> 
> So, run gopherd as nobody and put it chrooted, and you've got a
> bombproof protection.
> 
> * Exceptions exist for the superuser.
> 
> 
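The setup discussed in the quoted reply (chroot the server, then run it as an unprivileged user), as an added C example that is not part of the original message or of any gopherd source. The function name `enter_jail`, the path `/var/gopher` and uid/gid 65534 are assumptions; the program has to be started as root, since only the superuser may call chroot().

```c
#define _DEFAULT_SOURCE   /* chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `dir`, then drop to uid/gid.
 * Returns 0 on success, -1 on the first failing step (errno set).
 * Order matters: chroot() needs root, so it comes before setuid(),
 * and the process must stop being root afterwards because the
 * superuser is the exception that can get back out of a chroot. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; } /* refuse to stay root */
    if (chdir(dir) != 0) return -1;          /* be inside before changing root */
    if (chroot(".") != 0) return -1;         /* "/" now means dir */
    if (chdir("/") != 0) return -1;          /* keep no cwd reference outside */
    if (setgroups(0, NULL) != 0) return -1;  /* drop supplementary groups */
    if (setgid(gid) != 0) return -1;         /* group first, while still root */
    if (setuid(uid) != 0) return -1;         /* sets real, effective and saved uid */
    if (setuid(0) == 0) { errno = EPERM; return -1; } /* root must be unrecoverable */
    return 0;
}

int main(int argc, char **argv)
{
    /* Assumed defaults: /var/gopher, and 65534 ("nobody" on many systems). */
    const char *dir = argc > 1 ? argv[1] : "/var/gopher";
    if (enter_jail(dir, 65534, 65534) != 0) { perror("enter_jail"); return 1; }
    /* From here on, /etc/passwd resolves inside the jail, not to the host file. */
    printf("/etc/passwd readable: %s\n",
           access("/etc/passwd", R_OK) == 0 ? "yes" : "no");
    return 0;
}
```

Any file descriptors opened on directories outside the jail before the call remain usable afterwards, so a server should call this before opening anything it does not need.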

