On 7/13/18, Warren Young <war...@etr-usa.com> wrote:
> chroot() might even be strong enough given the tight scoping.
Just checking to make sure you know: If you launch Fossil as root, it will automatically put itself into a chroot jail in the directory containing the repository, then change its userid and groupid to match the owner of the repository. It does this prior to reading any content from the wire.

The chroot jail that Fossil runs in can be very lean. It does not need a shell nor a bunch of libraries (assuming you have statically linked). You will need to mknod a /dev/null, /dev/random, and /dev/urandom inside the jail, but that seems harmless enough.

As a defense against DoS attacks, Fossil has a feature where it refuses to run certain expensive web pages (ex: creating new tarballs) if the system load average is too high. Fossil uses the getloadavg() interface to compute this. On Linux, getloadavg() requires that /proc be mounted. So, if you want to use the rate limiting feature on Linux, you will need /proc mounted in your chroot jail. I wish there were a better way...

--
D. Richard Hipp
d...@sqlite.org

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
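A script that prepares and verifies the lean jail Richard describes, added here as an illustration; it is not part of the original thread and not Fossil's own code. It assumes a jail root such as /srv/fossil (the directory that holds the repository), the standard Linux major/minor numbers for the three device nodes (1,3 / 1,8 / 1,9), that mknod and mount are run as root, and GNU stat for the verification step. The check_jail function needs no privileges, so it can be run after the fact to confirm the nodes are real character devices with the expected numbers and that /proc/loadavg is reachable for the load-average throttle.

```shell
#!/bin/sh
# Prepare a minimal chroot jail for a statically linked Fossil launched as root.
# Assumed layout (not from the original post): jail root = /srv/fossil,
# repository at /srv/fossil/repo.fossil. Fossil itself performs the chroot and
# the uid/gid change; this script only supplies the /dev nodes and /proc it needs.
set -eu

# Print "type major minor" for each device node the jail needs
# (Linux standard numbers for the memory devices, assumed here).
device_spec() {
    case "$1" in
        null)    echo "c 1 3" ;;
        random)  echo "c 1 8" ;;
        urandom) echo "c 1 9" ;;
        *)       echo "unknown device: $1" >&2; return 1 ;;
    esac
}

# Create the three character devices under $jail/dev. Requires root.
make_jail_devices() {
    jail=$1
    mkdir -p "$jail/dev"
    for name in null random urandom; do
        set -- $(device_spec "$name")          # $1=type $2=major $3=minor
        [ -c "$jail/dev/$name" ] || mknod -m 666 "$jail/dev/$name" "$1" "$2" "$3"
    done
}

# Mount /proc inside the jail so getloadavg() works. Only needed if the
# load-average throttling is wanted. Requires root.
mount_jail_proc() {
    jail=$1
    mkdir -p "$jail/proc"
    mountpoint -q "$jail/proc" || mount -t proc proc "$jail/proc"
}

# Unprivileged verification: every node must exist, be a char device and carry
# the expected major:minor (a regular file named "null" would silently break
# Fossil). Missing /proc only costs the throttle, so it is reported as a warning.
check_jail() {
    jail=$1
    for name in null random urandom; do
        node="$jail/dev/$name"
        if [ ! -c "$node" ]; then
            echo "missing or not a char device: $node" >&2
            return 1
        fi
        set -- $(device_spec "$name")
        actual=$(stat -c '%t %T' "$node")      # GNU stat: hex major, hex minor
        expected=$(printf '%x %x' "$2" "$3")
        if [ "$actual" != "$expected" ]; then
            echo "$node is $actual, expected $expected" >&2
            return 1
        fi
    done
    if [ ! -r "$jail/proc/loadavg" ]; then
        echo "warning: $jail/proc not mounted; load-average throttling cannot work" >&2
    fi
    return 0
}

# Usage (as root):  sh fossil-jail.sh /srv/fossil
# then start the server as root and let Fossil drop into the jail:
#   fossil server --port 8080 /srv/fossil/repo.fossil
if [ "${1:-}" != "" ]; then
    make_jail_devices "$1"
    mount_jail_proc "$1"
    check_jail "$1"
fi
```

Because Fossil chroots to the directory containing the repository, keep that directory free of anything else (no shell, no writable config); the device nodes and, optionally, /proc are the only things the jail needs beyond the repository file itself.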