Re: chroot & mount --bind = security ?

From: Asbjørn Sannes (ace_at_sannes.org)
Date: 04/07/04

  • Next message: Enrico Scholz: "Re: chroot & mount --bind = security ?"
    To: focus-linux@securityfocus.com
    Date: Wed, 7 Apr 2004 19:52:35 +0200
    
    

    On Tuesday 06 April 2004 20:28, link wrote:
    > > I would like to do like this :
    > >
    > > - A folder /var/www witch contains my html documents
    > > - mount --bind /var/www /chroot/httpd/var/www to allow the web server to
    > > access them - mount --bind /var/www /chroot/ftpd/var/www to allow the ftp
    > > server to update them

    > This is how I do it for my chroot'd ftp server, since 'ln -s' obviously
    > won't work. I don't see any security issues (other than the regular fs
    > perms). One note, mouting --bind,ro doesn't seem to actually mount
    > read-only. If anyone has any ideas why, I've always been curious.

    Herbert Poetzl has a patch called Bind Mount Extentions (BME) available at
    http://www.13thfloor.at/patches/ that does this. I hope it will be included
    mainline someday (patch isn't more than 2 months old, check out the LKML for
    more information).

    -- 
    --
    Asbjørn Sannes
    ace@sannes.org
    www.sannes.org
    

  • Next message: Enrico Scholz: "Re: chroot & mount --bind = security ?"