On Wed, Jan 24, 2001 at 02:50:46PM +0100, Christian Hammers wrote:
> I like to build my mysql package with chroot support and therefore jail it
> somewhere under /var/lib/mysql and link the log files to /var/log.

Do you plan to make them officially available in Debian?

> I either statically link it so that it can be run from /usr/sbin and then
> live in /var/lib because I don't want to have binaries in /var or
> hardlink the libs from /usr/lib and /lib to /var/lib/mysql?
> Without trying it out I would say that the latter way is preferred, isn't it?

No, of course not! Just consider an attacker breaking your mysql daemon and
gaining root, she will have access to system wide libraries! This would
defeat the purpose of a chroot environment. You either have to copy the
libraries into the chroot environment or provide a statically linked binary.
Also, remember not to start mysql with a working directory outside the
chroot.

Ingo
--
16 Hard coded constant for amount of room allowed for cache align and faster forwarding (tunable)
        -- seen in /usr/src/linux-2.2.14/net/TUNABLE
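
The hard-link concern raised in the reply can be checked mechanically. The script below is an added example, not part of the original message: it lists files inside a jail directory that still share an inode with a name outside it. It assumes GNU find (as shipped on Debian), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a chroot jail for files hard-linked to names outside it.
# Assumes GNU find (-printf, -inum). Function names are hypothetical.

# Print every regular file under jail directory $1 that has at least one
# hard link located outside that directory.
jail_outside_links() {
    jail=$1
    # Candidates are regular files with more than one name. -xdev keeps find
    # on one filesystem; hard links cannot cross filesystems anyway.
    find "$jail" -xdev -type f -links +1 -printf '%i %n %p\n' |
    while read -r inode nlink path; do
        # Count how many names of this inode live inside the jail.
        inside=$(find "$jail" -xdev -type f -inum "$inode" | wc -l)
        # If the link count exceeds that, some name exists outside the jail,
        # so a write through the jailed name changes the outside file too.
        if [ "$nlink" -gt "$inside" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Return 0 if no file in the jail shares an inode with the outside, 1 otherwise.
jail_is_isolated() {
    [ -z "$(jail_outside_links "$1")" ]
}
```

A file that is hard-linked only to other names inside the jail is reported once per name only if one of its links lies outside; copies made with cp are never reported.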