chroot jail redux

From: Dan Kegel
Subject: chroot jail redux
Date: Sun, 05 Nov 2000 09:32:46 -0800

I read through some of the archived thread about
chroot jails for cvs with great interest.

I agree with both sides - for best security, the
cvs daemon should be run without root privs at all,
but various practical considerations make that hard to
do for some people.

Me, I'm willing to run it without root privs, but
given how utterly insecure cvs pserver mode is,
I still plan to run it in a chroot jail.
Since it won't have root privs, it won't be able to
break out of the jail.  And if someone exploits any
of the gaping security holes in cvs pserver, he'll only
be able to corrupt the files in the jail, and
won't compromise any other data.

The two posts that seem the most informative about 
how to run cvs in a chroot jail were
and their followups.   Also,
describes a way to do it without Justin's patch.
for my collected links on the subject.)

Is there a resource I'm missing here?  Has Justin put
up a web page about what's involved in really running
cvs in a chroot jail?
- Dan
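
The setup described in the message above (a chroot jail combined with running without root privileges), as an added example that is not part of the original post or of cvs: a small C launcher that enters the jail and permanently drops root before exec'ing the server. The function name enter_jail, the jail path /var/jail/cvs and the uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Must be called as root. Returns 0 on success,
   -1 on failure with errno set. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    /* Refuse configurations that would leave root inside the jail. */
    if (jail == NULL || jail[0] != '/' || uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* chdir, chroot, then chdir("/") so the working directory cannot
       be left pointing outside the new root. */
    if (chdir(jail) != 0 || chroot(jail) != 0 || chdir("/") != 0)
        return -1;
    /* Order matters: supplementary groups and gid are dropped while
       still root; setuid() comes last because it removes the right
       to do the other two. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed placeholder values, not taken from the post. */
    const char *jail = "/var/jail/cvs";
    uid_t uid = 65534;
    gid_t gid = 65534;
    if (argc < 2) {
        fprintf(stderr, "usage: %s /path/inside/jail [args...]\n", argv[0]);
        return 2;
    }
    if (enter_jail(jail, uid, gid) != 0) {
        perror("enter_jail");
        return 1;
    }
    execv(argv[1], &argv[1]); /* path is resolved inside the jail */
    perror("execv");
    return 1;
}
```

Directory file descriptors inherited from outside the jail should be closed before calling the helper, since an unprivileged process can still fchdir() through one.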

