logo       
Bookmark and Share

Re: mod_chroot and symlinks: msg#00006

apache.mod-chroot.general

Subject: Re: mod_chroot and symlinks


Hi, I have been playing around with mod_chroot for a few weeks; everything works fine with the exception of symlinks to folders outside the jail. This issues does not seem to be specific to mod_chroot, but with chrooting in general.

[...]

I have a few questions:
1. Does creating a symlink to a folder outside the jail, and have a non-root user access it, defeat the purpose of creating the jail? Why?

Creating a symlink to a folder outside the jail simply doesn't work. Once inside a jail, a process cannot access anything outside the jail - this also applies to symlinks.
You could create a normal (or so-called hard) link, which would work, but it's against the idea of chroot(); we're trying to restrict Apache to a certain directory.

2. Is there a solution/work-around for the above scenario?

If you're on Linux, mount -o bind might do the trick. I think there is a similar thing under FreeBSD.

regards,
--
Marek Gutkowski



<Prev in Thread] Current Thread [Next in Thread>
Google Custom Search

News | Mail Home | sitemap | FAQ | advertise