[gopher] Re: Security issues in Gopher?
Robert Hahn <rhahn@tenletters.com> writes:
> Interesting. I manned chroot last night, which gave me a clear answer as to what and how, but, as is typical with all man pages, lacks a 'why'. :P
>
> So, can you explain what the significance of chroot* is and how it
> increases security? Especially as it compares to running a server
> either as 'nobody' or (horrors) root?
It means that the files not under that directory are completely and
forever inaccessible* to that process and all of its children. Even a
process running as nobody can read /etc/passwd.
So, run gopherd as nobody and put it chrooted, and you've got a
bombproof protection.
* Exceptions exist for the superuser.
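
The setup described in this reply, as an added example that is not part of the original thread: chroot first, then drop from root to an unprivileged account, since the superuser exception in the footnote is what makes that order matter. The jail path `/var/empty`, uid/gid 65534 for "nobody", and the function names are assumptions.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Confine the calling process to `root`, then give up superuser rights.
 * chroot() itself needs root, and the jail only holds once root is gone.
 * Returns 0 on success, -1 with errno set on failure. */
int enter_jail(const char *root, uid_t uid, gid_t gid)
{
    if (chdir(root) != 0) return -1;        /* stand inside the jail first  */
    if (chroot(".") != 0) return -1;        /* "/" now means `root`         */
    if (chdir("/") != 0) return -1;         /* no cwd left outside the jail */
    if (setgroups(0, NULL) != 0) return -1; /* drop supplementary groups    */
    if (setgid(gid) != 0) return -1;        /* group before user            */
    if (setuid(uid) != 0) return -1;        /* real, effective and saved    */
    if (uid != 0 && setuid(0) == 0) { errno = EPERM; return -1; } /* root must be gone */
    return 0;
}

/* Run the jail in a child so the caller stays unconfined.
 * Returns 0: jailed and /etc/passwd unreachable; 1: still readable;
 *         2: jail could not be set up (e.g. not started as root); -1: fork/wait error. */
int jail_probe(const char *root, uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (enter_jail(root, uid, gid) != 0) _exit(2);
        int fd = open("/etc/passwd", O_RDONLY);
        _exit(fd >= 0 ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 2;
}

int main(void)
{
    /* Assumed values: an empty jail directory and the "nobody" ids. */
    int r = jail_probe("/var/empty", 65534, 65534);
    printf("jail_probe: %d\n", r);
    return r == 0 ? 0 : 1;
}
```

A server would call `enter_jail()` once at startup, after binding its listening port and before reading any client input.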