[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-modchroot
Subject:    Re: mod_chroot and symlinks
From:       Marek Gutkowski <hobbit () core ! segfault ! pl>
Date:       2005-12-30 17:02:48
Message-ID: 43B56838.3070108 () core ! segfault ! pl
[Download RAW message or body]


> Hi, I have been playing around with mod_chroot for a few weeks;  
> everything works fine with the exception of symlinks to folders  
> outside the jail. This issues does not seem to be specific to  
> mod_chroot, but with chrooting in general.
>
[...]

> I have a few questions:
> 1. Does creating a symlink to a folder outside the jail, and have  a  
> non-root user access it, defeat the purpose of creating the jail? Why?

Creating a symlink to a folder outside the jail simply doesn't work. 
Once inside a jail, a process cannot access anything outside the jail - 
this also applies to symlinks.
You could create a normal (or so-called hard) link, which would work, 
but it's against the idea of chroot(); we're trying to restrict Apache 
to a certain directory.

> 2. Is there a solution/work-around for the above scenario?

If you're on Linux, mount -o bind might do the trick. I think there is a 
similar thing under FreeBSD.

regards,
-- 
Marek Gutkowski


[prev in list] [next in list] [prev in thread] [next in thread]