Re: chroot & mount --bind = security ?
From: Thomas Knop (tknop_at_maxrelax.de)
Date: 04/06/04
- Previous message: link: "Re: chroot & mount --bind = security ?"
- In reply to: Julien Nury: "chroot & mount --bind = security ?"
- Next in thread: Enrico Scholz: "Re: chroot & mount --bind = security ?"
Date: Tue, 6 Apr 2004 20:07:00 +0200
To: focus-linux@securityfocus.com
* Julien Nury <jnury@voila.fr> [06.04.04 19:24]:
> Imagine :
> - An apache web server chrooted in /chroot/httpd, this server publishes
> documents in /chroot/httpd/var/www
> - A FTP server chrooted in /chroot/ftpd
[..]
> - A folder /var/www which contains my html documents
> - mount --bind /var/www /chroot/httpd/var/www to allow the web server
> to access them
> - mount --bind /var/www /chroot/ftpd/var/www to allow the ftp server to
> update them
> And now ... questions :
> - does it work ?
no idea.
> - is there a security problem with it ?
Of course, you break the idea of chroot. This results in something
similar to /chroot/http_and_ftp.
> - is there another method (more secure/simple) to do this ?
In any case of an automated file transfer from ftp -> http you run into
the same security risk.
Maybe you wish to keep all as it is. Then use a secure remote shell
to move the uploaded files to the http server. If you can trust this
task you can trust the moved files (risk: time between upload and
move).
Regards,
Thomas Knop
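
Added example, not part of the original message: a small audit script that parses Linux `/proc/self/mountinfo` content and reports directories that are bind-mounted into more than one chroot jail, which is the situation the reply describes as merging the two jails. The `/chroot` base directory comes from the question; the sample mountinfo lines, device numbers and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed /proc/self/mountinfo lines for the layout in the question
# (mount IDs and device numbers are made up).
SAMPLE_MOUNTINFO = """\
21 1 8:1 / / rw,relatime - ext3 /dev/sda1 rw
40 21 8:1 /var/www /chroot/httpd/var/www rw,relatime - ext3 /dev/sda1 rw
41 21 8:1 /var/www /chroot/ftpd/var/www rw,relatime - ext3 /dev/sda1 rw
42 21 8:1 /var/log/httpd /chroot/httpd/var/log rw,relatime - ext3 /dev/sda1 rw
"""

def parse_mountinfo(text):
    """Yield (device, root, mount_point, options) for each mountinfo line."""
    for line in text.splitlines():
        fields = line.split()
        if "-" not in fields or len(fields) < 7:
            continue  # skip empty or malformed lines
        # field 3 = major:minor, 4 = root within that filesystem,
        # 5 = mount point, 6 = per-mount options
        yield fields[2], fields[3], fields[4], fields[5].split(",")

def jail_of(mount_point, jail_base):
    """Return the jail directory a mount point lives in, or None."""
    prefix = jail_base.rstrip("/") + "/"
    if not mount_point.startswith(prefix):
        return None
    return prefix + mount_point[len(prefix):].split("/", 1)[0]

def shared_between_jails(text, jail_base="/chroot"):
    """Map (device, source dir) -> {jail: options} for dirs visible in 2+ jails."""
    seen = defaultdict(dict)
    for dev, root, mnt, opts in parse_mountinfo(text):
        jail = jail_of(mnt, jail_base)
        if jail:
            seen[(dev, root)][jail] = opts
    return {src: jails for src, jails in seen.items() if len(jails) > 1}

def writable_jails(jails):
    """Jails whose mount of the shared directory is read-write."""
    return sorted(j for j, opts in jails.items() if "rw" in opts)

if __name__ == "__main__":
    for (dev, root), jails in shared_between_jails(SAMPLE_MOUNTINFO).items():
        print(f"{root} (dev {dev}) is shared by {sorted(jails)}; "
              f"writable from {writable_jails(jails)}")
```

On a live system, pass the contents of `/proc/self/mountinfo` instead of the sample string.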