[gopher] Re: Security issues in Gopher?

To: gopher@complete.org
Subject: [gopher] Re: Security issues in Gopher?
From: Robert Hahn <rhahn@tenletters.com>
Date: 22 Jan 2002 14:05:20 -0000
Message-id: <[🔎] 20020122140520.88103.qmail@ingwaz.pair.com>
Reply-to: gopher@complete.org

> > pretty sound to me (ie: user 'nobody' can't really do a whole lot of 
> > damage) so I'm wondering what it would take for me to run gopherd as 
> > nobody - and better still, why people are running it as root.
> 
> You can not only run gopherd as nobody (see -u) but you can also run
> it chroot, which is more than you get with Apache even.

Interesting.  I manned chroot last night, which gave me a clear answer as to what and how, but, as is typical with all man pages, lacks a 'why'. :P

So, can you explain what the significance of chroot* is and how it increases security?  Especially as it compares to running a server either as 'nobody' or (horrors) root?

* I don't know what your manpage says, but mine says that chroot simply changes the location of the root home folder.

Or... point me to a resource that would do as well?

thx,
-rh

Reply to:

Follow-Ups:
- [gopher] Re: Security issues in Gopher?
  - From: Tristan Alexander McLeay <anstouh@yahoo.com.au>
- [gopher] Re: Security issues in Gopher?
  - From: John Goerzen <jgoerzen@complete.org>

Prev by Date: [gopher] Re: Security issues in Gopher?
Next by Date: [gopher] Re: Security issues in Gopher?
Previous by thread: [gopher] PROMOÇÃO CARNAVALESCA IMPERDIVEL !!!
Next by thread: [gopher] Re: Security issues in Gopher?
Index(es):
- Date
- Thread