On Feb 16, 2005, at 9:33 AM, Joshua Penix wrote:

> RBW1 wrote:
>> OK I follow that but I suppose I am looking for the details of how this
>> external access is no more problematic than say external access to
>> Apache and the issues of things like firewall, chroot jail etc, etc.
>
> It could be just as problematic. You're letting an untrusted computer connect to yours.
>
> But there are limits in place, the question is whether they're sufficient limits to make you accept the risk involved. The situation really isn't much different from Apache...
>
> Given a firewall (which you already have, RIGHT? :), the untrusted connection is restricted to a specific port (6881 in Azureus' case, 80 in Apache's). Listening to that port is a program running as an unprivileged user (a user account in Azureus' case, 'httpd, apache, www-data, nobody, etc' in Apache's).

Azureus will be better than Apache in this case. A privileged user is required to connect to port 80, no such privilege is required for port 6881.

> So yes, a chroot jail has a potential security benefit in this situation. Perhaps running the P2P client as a dedicated user separate from your regular login would be wise. Maybe consider running the original BitTorrent client, which is written in Python and thereby much less susceptible to buffer overruns.

Azureus is written in Java. It should have the same level of protection against buffer overruns as the Python version.

-a
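The thread's question of which account owns the listening port (6881 or 80) can be checked on a Linux host. The following is an added example, not part of the original messages: it parses text in `/proc/net/tcp` format and reports listeners reachable beyond loopback whose socket is owned by uid 0. The sample table is constructed, the function names are hypothetical, and a little-endian host is assumed.

```python
import socket

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1AE1 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20101 1
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20102 1
   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20103 1
   3: 0A00000A:1AE1 0B00000A:C350 01 00000000:00000000 00:00000000 00000000  1000        0 20104 1
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def parse_listeners(text):
    """Return one dict per listening IPv4 socket: address, port, owning uid."""
    listeners = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue  # established connections and short lines are ignored
        addr_hex, port_hex = fields[1].split(":")
        # Assumption: little-endian host, so the address bytes are reversed.
        addr = socket.inet_ntoa(bytes.fromhex(addr_hex)[::-1])
        listeners.append(
            {"addr": addr, "port": int(port_hex, 16), "uid": int(fields[7])}
        )
    return listeners


def root_owned_exposed_ports(listeners):
    """Ports listening beyond loopback whose socket is owned by uid 0."""
    return sorted(
        l["port"]
        for l in listeners
        if l["uid"] == 0 and not l["addr"].startswith("127.")
    )


if __name__ == "__main__":
    found = parse_listeners(SAMPLE_PROC_NET_TCP)
    for l in found:
        print(f'{l["addr"]}:{l["port"]} owned by uid {l["uid"]}')
    # The uid column records the socket's owner; a daemon that binds as root
    # and hands requests to unprivileged workers can still show uid 0 here.
    print("root-owned, network-reachable:", root_owned_exposed_ports(found))
```

On a live system, pass the contents of `/proc/net/tcp` to `parse_listeners` instead of the sample string.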
