[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security, audits and pserver
From: |
Paul Sander |
Subject: |
Re: Security, audits and pserver |
Date: |
Thu, 12 Dec 2002 09:11:18 -0800 |
A chroot environment is only good at containing what's inside it. It
does not prevent access to the chroot environment from outside.
In other words, chroot is fine for containing servers so that they cannot
access the rest of the system. But chroot does not protect something
from shell users, unless their shells are running in a different chroot
environment that does not overlap the first.
^
/ \
/ \
/ \
/ A \ A = outside user has access to chroot
/ | ^ \
/ | / \ \
/ |/ \ \
/ + \ \
/ /| \ \
/ / V \ \
/ / ok B->X\ \ B = server confined to chroot
/ / chroot \ \
/ +---------------+ \
+----------------------------+
/ filesystem
--- Forwarded mail from address@hidden
I've never used chroot'ed anything so I'm not sure if
a chrooted CVS will help prevent direct repo access
but it may still be worth looking into.
--- End of forwarded message from address@hidden
Re: Security, audits and pserver, Phil R Lawrence, 2002/12/12
- RE: Security, audits and pserver, Neis, Mark, 2002/12/12
- RE: Security, audits and pserver, Douglas Finkle, 2002/12/13
- RE: Security, audits and pserver, Walter, Jan, 2002/12/16