Re: chroot & mount --bind = security ?
From: Enrico Scholz (enrico.scholz_at_informatik.tu-chemnitz.de)
Date: 04/09/04
- Previous message: Asbjørn Sannes: "Re: chroot & mount --bind = security ?"
- In reply to: Julien Nury: "chroot & mount --bind = security ?"
- Next in thread: Scott Gifford: "Re: Re[2]: chroot & mount --bind = security ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-linux@securityfocus.com
Date: Fri, 09 Apr 2004 14:47:26 +0200
jnury@voila.fr (Julien Nury) writes:
> Imagine :
> - An apache web server chrooted in /chroot/httpd, this server publishes
> documents in /chroot/httpd/var/www
> - A FTP server chrooted in /chroot/ftpd
>
> I would like to do like this :
>
> - A folder /var/www which contains my html documents
> - mount --bind /var/www /chroot/httpd/var/www to allow the web server to access them
> - mount --bind /var/www /chroot/ftpd/var/www to allow the ftp server to update them
>...
> - is there a security problem with it ?
Yes; this configuration makes it possible for non-root processes to escape
the chroots. All you need is a UNIX socket in the shared filesystem which
is used to exchange directory-fds with SCM_RIGHTS.
But since chroot is unrelated to security, this should not matter ;)
Enrico
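
An audit for the precondition named in the reply above, added here as an example and not part of the original post: it finds filesystem subtrees that are bind-mounted into more than one chroot and lists any UNIX socket inodes inside them. The jail paths are the ones from the question; the mountinfo sample is constructed, and the function names `shared_binds` and `find_sockets` are hypothetical.

```python
import os
import stat
from collections import defaultdict

# Constructed sample in /proc/self/mountinfo format (not taken from the post).
# Fields used: [2] major:minor, [3] root within the filesystem, [4] mount point.
SAMPLE_MOUNTINFO = """\
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 21 8:1 /var/www /chroot/httpd/var/www rw,relatime - ext4 /dev/sda1 rw
41 21 8:1 /var/www /chroot/ftpd/var/www rw,relatime - ext4 /dev/sda1 rw
42 21 8:1 /srv/logs /chroot/httpd/var/log rw,relatime - ext4 /dev/sda1 rw
"""

def shared_binds(mountinfo, jails):
    """Map (device, subtree) -> mount points, for subtrees visible in 2+ jails."""
    seen = defaultdict(dict)
    for line in mountinfo.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        dev, root, mount_point = fields[2], fields[3], fields[4]
        for jail in jails:
            if mount_point.startswith(jail.rstrip("/") + "/"):
                seen[(dev, root)][jail] = mount_point
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

def find_sockets(top):
    """Return paths of UNIX socket inodes below top (symlinks are not followed)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(top):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                if stat.S_ISSOCK(os.lstat(path).st_mode):
                    hits.append(path)
            except OSError:
                continue  # entry vanished or is unreadable; skip it
    return sorted(hits)

if __name__ == "__main__":
    jails = ["/chroot/httpd", "/chroot/ftpd"]  # paths from the question
    for (dev, root), points in shared_binds(SAMPLE_MOUNTINFO, jails).items():
        print(f"{dev} {root} is shared by: {', '.join(points)}")
        for point in points:
            if os.path.isdir(point):
                for sock in find_sockets(point):
                    print(f"  socket inode: {sock}")
```

On a live host, pass the contents of `/proc/self/mountinfo` instead of the sample. The match is on identical subtree roots only, so a bind of a parent directory into one jail and of a child into another is not reported.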