Re: chroot & mount --bind = security ?
From: Thomas Knop (tknop_at_maxrelax.de)
Date: Tue, 6 Apr 2004 20:07:00 +0200
To: email@example.com
* Julien Nury <firstname.lastname@example.org> [06.04.04 19:24]:
> Imagine :
> - An apache web server chrooted in /chroot/httpd, this server publishes
> documents in /chroot/httpd/var/www
> - An FTP server chrooted in /chroot/ftpd
> - A folder /var/www which contains my html documents
> - mount --bind /var/www /chroot/httpd/var/www to allow the web server
> to access them
> - mount --bind /var/www /chroot/ftpd/var/www to allow the ftp server to
> update them
> And now ... questions :
> - does it work ?
> - is there a security problem with it ?
Of course, you break the idea of chroot. This results in something
> - is there another method (more secure/simple) to do this ?
In any case of an automated file transfer from ftp -> http you run into
the same security risk.
Maybe you wish to keep all as it is. Then use a secure remote shell
to move the uploaded files to the http server. If you can trust this
task you can trust the moved files (risk: time between upload and