In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED] writes:
>Hello!
>I want to chroot a application/gameserver.
>
>What is the better/securest way?
>1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh"
>or
>2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
>execute the "start.sh" in the chroot?
>
>Solution 2 does not need a root shell at all, why i think it is a little
>more secure.
>What do you think? WHat do u recommend? How would do solve this?
chroot is a priveleged system call that can be used to bypass
security. If you let me chroot as a normal user in a directory I set
up, you might as well have just given me the root password.
Best would be a setuid root program that is paranoid about any
paramaters or directories it is passed, that only runs untrusted code
as a non-priveleged user. chroot is not a mystical incantation to
make things safe. Used properly, it can enhance security, used poorly
it will bypass security.
--
Blars Blarson [EMAIL PROTECTED]
http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden
