Re: chroot, su and sudo
In article <KCEDJBGKMKIFFMDGHANOMECHECAA.firstname.lastname@example.org>
>I want to chroot an application/gameserver.
>What is the better/securest way?
>1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh"
>2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
>execute the "start.sh" in the chroot?
>Solution 2 does not need a root shell at all, why I think it is a little
>What do you think? What do you recommend? How would you solve this?

chroot is a privileged system call that can be used to bypass
security. If you let me chroot as a normal user in a directory I set
up, you might as well have just given me the root password.

Best would be a setuid root program that is paranoid about any
parameters or directories it is passed, that only runs untrusted code
as a non-privileged user. chroot is not a mystical incantation to
make things safe. Used properly, it can enhance security; used poorly,
it will bypass security.

Blars Blarson email@example.com
"Text is a way we cheat time." -- Patrick Nielsen Hayden
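
An added example, not part of the original post or written by its author: a minimal sketch of the kind of paranoid root-started wrapper the reply describes, which checks the jail directory, enters it, drops root irreversibly and only then runs start.sh. The jail path /srv/jail, uid/gid 1000, the PATH value and the function names are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the jail only if it is an absolute path to a real directory (no
 * symlink), owned by root and not group/world writable. Returns fd or -1. */
int open_jail_dir(const char *path) {
    struct stat st;
    int fd;
    if (path == NULL || path[0] != '/') return -1;
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || st.st_uid != 0 ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Enter the jail, then become uid/gid for good. Every call is checked;
 * on any failure the caller must exit without running the payload. */
int enter_jail(const char *path, uid_t uid, gid_t gid) {
    int fd, rc;
    if (uid == 0 || gid == 0) return -1;          /* never run payload as root */
    if ((fd = open_jail_dir(path)) < 0) return -1;
    /* fchdir on the checked fd avoids a path swap between check and use */
    rc = (fchdir(fd) != 0 || chroot(".") != 0 || chdir("/") != 0);
    close(fd);
    if (rc) return -1;
    if (setgroups(0, NULL) != 0) return -1;       /* drop supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;  /* gid before uid */
    if (setuid(0) == 0) return -1;                /* root must be unrecoverable */
    return 0;
}

int main(void) {
    /* Hypothetical fixed values: nothing is taken from the caller. */
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL };
    if (enter_jail("/srv/jail", 1000, 1000) != 0) {
        fprintf(stderr, "refusing to start: jail setup failed\n");
        return 1;
    }
    execle("/start.sh", "start.sh", (char *)NULL, envp);  /* path inside jail */
    perror("execle");
    return 1;
}
```

The ownership check covers only the jail's top directory; the files beneath it should be root-owned and read-only to the unprivileged user as well.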