Re: Light weight IDSes and then some

[George P Boutwell <george.boutwell@gmail.com>]

On 7/15/05, Alec Berryman <alec@thened.net> wrote:
> Let me clarify what I said: the directory which holds the content
> accessible under http://www.example.com/~user/ is physically locate
> under the chroot, and a symlink to that directory is placed in the
> user's home directory.  Neither the user's home directory nor the

Yes, that is how I understood it.

> symlink are not under the chroot; you don't have to worry about your
> machine being compromised through that symlink.

Hmm. Ok.  The alternative is the mount --bind that someone mentioned earlier...

> Doing the setup the other way around (with the symlink under the
> chroot and the directory outside the chroot) would not work - the
> program in the chroot would follow the symlink relative to the chroot
> and end up somewhere other than the intended directory (most likely
> nowhere).

Never thought of it that way... Of course I don't deal a whole lot
with symlinks directly if I can help it.

-- 
George