[gopher] Re: Security issues in Gopher?

To: gopher@complete.org
Subject: [gopher] Re: Security issues in Gopher?
From: Robert Hahn <rhahn@tenletters.com>
Date: 23 Jan 2002 15:42:49 -0000
Message-id: <[🔎] 20020123154249.2080.qmail@ingwaz.pair.com>
Reply-to: gopher@complete.org

Kind of an FYI:

I re-read the man page in light of what I learned in this thread (thanks to all who contributed - great explanations!), and I realized my confusion.  The man page says it sets the new root directory - and I thought it meant the home directory for user root, not the root of the filesystem. Tricky.

I wonder who I would send that kind of feedback to?

-rh

John Goerzen wrote:
> 
> Robert Hahn <rhahn@tenletters.com> writes:
> 
> > Interesting.  I manned chroot last night, which gave me a clear answer as to what and how, but, as is typical with all man pages, lacks a 'why'. :P
> > 
> > So, can you explain what the significance of chroot* is and how it
> > increases security?  Especially as it compares to running a server
> > either as 'nobody' or (horrors) root?
> 
> It means that the files not under that directly are completely and
> forever inaccessible* to that process and all of its children.  Even a
> process running as nobody can read /etc/passwd.
> 
> So, run gopherd as nobody and put it chrooted, and you've got a
> bombproof protection.
> 
> * Exceptions exist for the superuser.
> 
>

Reply to:

Prev by Date: [gopher] Re: 200M ¿Õ¼ä + ¹ú¼ÊÓòÃû = 150Ôª/Äê
Next by Date: [gopher] Doing something about the spam.
Previous by thread: [gopher] Re: Security issues in Gopher?
Next by thread: [gopher] 200M 空间 + 国际域名 = 150元/年
Index(es):
- Date
- Thread