[gopher] Re: Security issues in Gopher?

To: gopher@complete.org
Subject: [gopher] Re: Security issues in Gopher?
From: John Goerzen <jgoerzen@complete.org>
Date: 22 Jan 2002 10:00:07 -0500
Message-id: <[🔎] 878zaqe8i0.fsf@complete.org>
Reply-to: gopher@complete.org
In-reply-to: <[🔎] 20020122140520.88103.qmail@ingwaz.pair.com>
References: <[🔎] 20020122140520.88103.qmail@ingwaz.pair.com>

Robert Hahn <rhahn@tenletters.com> writes:

> Interesting.  I manned chroot last night, which gave me a clear answer as to what and how, but, as is typical with all man pages, lacks a 'why'. :P
> 
> So, can you explain what the significance of chroot* is and how it
> increases security?  Especially as it compares to running a server
> either as 'nobody' or (horrors) root?

It means that the files not under that directly are completely and
forever inaccessible* to that process and all of its children.  Even a
process running as nobody can read /etc/passwd.

So, run gopherd as nobody and put it chrooted, and you've got a
bombproof protection.

* Exceptions exist for the superuser.

Reply to:

References:
- [gopher] Re: Security issues in Gopher?
  - From: Robert Hahn <rhahn@tenletters.com>

Prev by Date: [gopher] Re: Security issues in Gopher?
Next by Date: [gopher] 200M 空间 + 国际域名 = 150元/年
Previous by thread: [gopher] Re: Security issues in Gopher?
Next by thread: [gopher] Re: Security issues in Gopher?
Index(es):
- Date
- Thread