[gopher] Re: Security issues in Gopher?

To: gopher@complete.org
Subject: [gopher] Re: Security issues in Gopher?
From: Robert Hahn <rhahn@tenletters.com>
Date: 22 Jan 2002 14:19:08 -0000
Message-id: <[🔎] 20020122141908.90821.qmail@ingwaz.pair.com>
Reply-to: gopher@complete.org

ooo... that's *cool*.

ok, so, building on your example, what if I created a soft link to ls from within /home/anstouh?  would that be enough to work, or do I have to physically copy the binary to within that directory?

thx,
-rh


> Put simply, it puts you into gaol. If you typed, say, 
> $ chroot /home/anstouh
> all you could do is access the programs below /home/anstouh. You can't write an
> event to a logfile, you can't run 'ls' (unless 'ls' happens to be somewhere in
> /home/anstouh, of course). 
> 
> If the only files in /var/gopher are owned by anstouh, read/writable by owner,
> readable by group and world, and you run a chrooted gopher as user nobody,
> there's not much someone can do if they manage to convince gopher to do
> anything other than serve up files and directories.
> 
> <Insert standard disclaimer.>
> 
> Tristan.

Reply to:

Follow-Ups:
- [gopher] Re: Security issues in Gopher?
  - From: David Allen <mda@idatar.com>
- [gopher] Re: Security issues in Gopher?
  - From: John Goerzen <jgoerzen@complete.org>

Prev by Date: [gopher] Re: Security issues in Gopher?
Next by Date: [gopher] Re: Security issues in Gopher?
Previous by thread: [gopher] Re: Security issues in Gopher?
Next by thread: [gopher] Re: Security issues in Gopher?
Index(es):
- Date
- Thread