Re: chroot & mount --bind = security ?

From: Asbjørn Sannes (ace_at_sannes.org)
Date: 04/07/04

    To: focus-linux@securityfocus.com
    Date: Wed, 7 Apr 2004 19:52:35 +0200
    
    

    On Tuesday 06 April 2004 20:28, link wrote:
    > > I would like to do like this :
    > >
    > > - A folder /var/www which contains my html documents
    > > - mount --bind /var/www /chroot/httpd/var/www to allow the web server to
    > > access them - mount --bind /var/www /chroot/ftpd/var/www to allow the ftp
    > > server to update them

    > This is how I do it for my chroot'd ftp server, since 'ln -s' obviously
    > won't work. I don't see any security issues (other than the regular fs
    > perms). One note, mounting --bind,ro doesn't seem to actually mount
    > read-only. If anyone has any ideas why, I've always been curious.

    Herbert Poetzl has a patch called Bind Mount Extensions (BME) available at
    http://www.13thfloor.at/patches/ that does this. I hope it will be included
    mainline someday (patch isn't more than 2 months old, check out the LKML for
    more information).

    -- 
    --
    Asbjørn Sannes
    ace@sannes.org
    www.sannes.org
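
A check for the read-only problem raised in the quoted reply, as an added example that is not part of the original post: on kernels that provide /proc/self/mountinfo, field 6 of each line holds the per-mount options, so a bind mount whose `ro` was ignored still shows `rw` there. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that bind mounts into a chroot
# are really read-only by reading the per-mount options in mountinfo.

# Constructed sample in /proc/self/mountinfo format:
# id parent major:minor root mountpoint per-mount-opts - fstype source super-opts
sample_mountinfo() {
    cat <<'EOF'
25 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 25 8:1 /var/www /chroot/httpd/var/www ro,relatime - ext4 /dev/sda1 rw
41 25 8:1 /var/www /chroot/ftpd/var/www rw,relatime - ext4 /dev/sda1 rw
EOF
}

# Usage: check_ro_binds MOUNTINFO_FILE MOUNTPOINT...
# Prints one line per mount point; returns 0 only if all are mounted ro.
# Mount points containing spaces appear escaped (\040) and are not handled.
check_ro_binds() {
    info=$1; shift
    status=0
    for mp in "$@"; do
        # Field 5 is the mount point, field 6 the per-mount options.
        # The last matching line wins: later mounts shadow earlier ones.
        opts=$(awk -v mp="$mp" '$5 == mp { o = $6 } END { print o }' "$info")
        case ",$opts," in
            ,,)     echo "MISSING $mp"; status=1 ;;
            *,ro,*) echo "ro $mp" ;;
            *)      echo "WRITABLE $mp ($opts)"; status=1 ;;
        esac
    done
    return $status
}

# Demo on the constructed sample; on a live system pass /proc/self/mountinfo.
demo_file=$(mktemp)
sample_mountinfo > "$demo_file"
check_ro_binds "$demo_file" /chroot/httpd/var/www /chroot/ftpd/var/www || true
rm -f "$demo_file"
```

The filesystem-wide options after the ` - ` separator stay `rw` for both bind mounts in the sample, which is why the check reads field 6 and not the last field.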
    
