sks-devel

Re: [Sks-devel] chrooting sks.


From: Chris Kuethe
Subject: Re: [Sks-devel] chrooting sks.
Date: Thu, 30 Sep 2004 12:52:05 -0600 (MDT)

On Thu, 30 Sep 2004 address@hidden wrote:


> Hello,
>
> I've set up sks in a chroot under linux, and I was wondering if there
> are better ways of doing it:

You should be able to hack sks to do a simple chroot()/setuid(). It wasn't
terribly hard to do that to PKS, but then again, I don't really grok OCaml.
Plus, I'm still trying to understand the best way to put a global into sks
so that everything that logs can be {en,dis}abled.

Granted, that means you need to start it as root so it can chroot(), but sks
can then drop privileges immediately afterwards. Perhaps it can refuse to run
as root.

Chrooting things can have a fairly high PITA factor, especially if you want
to use DNS lookups on the fly and send out mail. Actually, DNS isn't that
hard - just make sure an appropriate /etc/resolv.conf appears inside the
jail, and you should be good to go.

CK

--
Chris Kuethe, GCIA CISSP: Secure Systems Specialist - U of A CNS
      office: 157 General Services Bldg.    +1.780.492.8135
              address@hidden

     GDB has a 'break' feature; why doesn't it have 'fix' too?




