[gopher] Running buckd in a chroot jail?



I've got buckd successfully running in a chroot jail.  This is the
relevant portion of my xinetd.conf file:

# added by Bucktooth install
service buckd
{
        type                    = UNLISTED
        protocol                = tcp
        port                    = 70
        flags                   = REUSE
        socket_type             = stream
        wait                    = no
        instances               = UNLIMITED
        user                    = root
#        server                  = /chroot/buckd/usr/local/bin/buckd
        server                  = /usr/sbin/chroot
        server_args             = /chroot/buckd/ /usr/local/bin/buckd

}

The obvious problem here is that buckd is running as root (because
chroot must be invoked as root).  From what I understand, it's still
possible to break out of a chroot jail as root.  Is there a way for me
to set this up so buckd runs under a non-root user?

  --Brian
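
Added example, not part of the original message and not Bucktooth's own code: a small audit of xinetd service blocks that flags a `chroot` server left running as root. It assumes GNU coreutils `chroot`, whose `--userspec=USER:GROUP` option switches to another user after entering the jail; the `gopher` account and the `buckd-dropped` service name are hypothetical.

```python
import re
import shlex

# Constructed sample: the service block from the message (abridged), plus a
# variant that lets GNU chroot drop privileges ("gopher" is a hypothetical account).
SAMPLE = """
service buckd
{
        user                    = root
        server                  = /usr/sbin/chroot
        server_args             = /chroot/buckd/ /usr/local/bin/buckd
}
service buckd-dropped
{
        user                    = root
        server                  = /usr/sbin/chroot
        server_args             = --userspec=gopher:gopher /chroot/buckd/ /usr/local/bin/buckd
}
"""

def parse_services(text):
    """Return {service_name: {attribute: value}} for each xinetd service block."""
    services = {}
    for name, body in re.findall(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", text, re.S | re.M):
        attrs = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue  # skip blanks, comments and anything that is not key = value
            key, value = line.split("=", 1)  # split once: values may contain '='
            attrs[key.strip()] = value.strip()
        services[name] = attrs
    return services

def root_chroot_findings(services):
    """Names of services that exec chroot as root and never hand off to another user."""
    flagged = []
    for name, attrs in services.items():
        args = shlex.split(attrs.get("server_args", ""))
        runs_chroot = attrs.get("server", "").rsplit("/", 1)[-1] == "chroot"
        drops = any(a.startswith("--userspec") for a in args)
        # With no "user" line the service keeps xinetd's own uid, normally root.
        if runs_chroot and attrs.get("user", "root") == "root" and not drops:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(root_chroot_findings(parse_services(SAMPLE)))
```

xinetd still has to start `chroot` as root in the second block, because the chroot call itself needs root; the daemon inside the jail then runs under the unprivileged account.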


