Re: Light weight IDSes and then some
On 7/15/05, Alec Berryman <alec@thened.net> wrote:
> Let me clarify what I said: the directory which holds the content
> accessible under http://www.example.com/~user/ is physically locate
> under the chroot, and a symlink to that directory is placed in the
> user's home directory. Neither the user's home directory nor the
Yes, that is how I understood it.
> symlink are not under the chroot; you don't have to worry about your
> machine being compromised through that symlink.
Hmm. Ok. The alternative is the mount --bind that someone mentioned earlier...
> Doing the setup the other way around (with the symlink under the
> chroot and the directory outside the chroot) would not work - the
> program in the chroot would follow the symlink relative to the chroot
> and end up somewhere other than the intended directory (most likely
> nowhere).
Never thought of it that way... Of course I don't deal a whole lot
with symlinks directly if I can help it.
--
George
Reply to: