Thread: Re: Running Postgres 7.0.2 in a chroot environment

Re: Running Postgres 7.0.2 in a chroot environment

From
Jochen Topf
Date:
I didn't quite follow everything you did, it looks a lot more complicated than
what is needed. Maybe some tips will get you on the right path:

1) You can give arguments to a program started by su by quoting, like:
   su user -c 'program arg1 arg2'

2) argv[0] should be the name of the program and not the first argument.

3) The 'chroot' command (at least on my system here) does *only* a chroot
   system call and starts a shell. This is *not* enough to be secure. At
   least you have to do a chdir("/") after the chroot().

4) There are programs around which do a chroot, chdir("/") and the setuid/gid
   to something sensible and start another program. I have no reference handy
   but look around on freshmeat or the big FTP archives.

Using chroot in itself is not enough! If you don't really know what you are
doing and do kludgy things like the ones you describe in your posting, you
will probably create more security holes than you will fix.

Jochen
--
Jochen Topf - jochen@remote.org - http://www.remote.org/jochen/