[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-modchroot
Subject: Re: mod_chroot and symlinks
From: Marek Gutkowski <hobbit () core ! segfault ! pl>
Date: 2005-12-30 17:02:48
Message-ID: 43B56838.3070108 () core ! segfault ! pl
[Download RAW message or body]
> Hi, I have been playing around with mod_chroot for a few weeks;
> everything works fine with the exception of symlinks to folders
> outside the jail. This issues does not seem to be specific to
> mod_chroot, but with chrooting in general.
>
[...]
> I have a few questions:
> 1. Does creating a symlink to a folder outside the jail, and have a
> non-root user access it, defeat the purpose of creating the jail? Why?
Creating a symlink to a folder outside the jail simply doesn't work.
Once inside a jail, a process cannot access anything outside the jail -
this also applies to symlinks.
You could create a normal (or so-called hard) link, which would work,
but it's against the idea of chroot(); we're trying to restrict Apache
to a certain directory.
> 2. Is there a solution/work-around for the above scenario?
If you're on Linux, mount -o bind might do the trick. I think there is a
similar thing under FreeBSD.
regards,
--
Marek Gutkowski
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic