Re: chroot() in 3.23.54

Sat, 21 Dec 2002 02:37:15 -0800 

Hi!

On Dec 18, Andrew Rucker Jones wrote:
> Sergei,
>       Forgive my ignorance, but i've been thinking about this. Isn't it 
> impossible to get it to work with the system calls i listed from strace? 
> To repeat:
> 
> chdir("/usr/local/var/mysql/")          = 0
> chroot("/chroot/mysql")                 = 0
> chdir("/")                              = 0
> open("./mysql/host.frm", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file
> or directory)
> 
> This says to me that it does not matter what i choose for my datadir. 
> chdir() to the directory that open() is expecting is done before the 
> chroot(). Then comes chroot() and chdir("/"), which puts the program 
> where it is not expecting to be, and forces all database directories to 
> be under the root of the chrooted filesystem. There are no other 
> chdir()s between chdir("/") and open().

You're right.
In fact, I tested only 4.0 branch - and chroot() worked perfectly there,
I didn't notice first, that you were writing about 3.23 :(
Sorry for this.

It happens out, that it's not possible to make --chroot option to work
correctly in MySQL 3.23 without making my.cnf files
backward-incompatible (that is, users will have to fix their my.cnf
files after upgrade, otherwise mysqld won't work).

Taking this into account, we decided to revert --chroot fix in 3.23.
So, in 3.23.55 --chroot will behave the same way it did in 3.23.53 -
and it will NOT provide 100% closed chroot jail :(

In 4.0, instead, --chroot works as one may expect - nothing outside
chroot jail is visible - and, still, my.cnf files are perfectly
backward-compatible.

So, I recommend you to upgrade to 4.0.6, if you want to use --chroot
option.

Regards,
Sergei

-- 
MySQL Development Team
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /   Sergei Golubchik <[EMAIL PROTECTED]>
 / /|_/ / // /\ \/ /_/ / /__  MySQL AB, http://www.mysql.com/
/_/  /_/\_, /___/\___\_\___/  Osnabrueck, Germany
       <___/

---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to