Hi!

On Dec 13, Andrew Rucker Jones wrote:
> Hi everyone,
>       First off, please include my personal e-mail address in any responses, 
> as I am not subscribed to the list.
>       I run MySQL with the chroot option. Up until 3.23.54, it worked fine. 

Up until 3.23.54 it simply didn't work, as mysqld was able to access files
outside chroot jail :(

> 3.23.54 changed the ordering in which some files were accessed (before 
> or after chroot()), which messed up the whole system -- entire 
> directories have to be copied or sym linked, for example. In particular, 
> it seems that older versions perhaps held an open file descriptor to the 
> directory where the database files are (which is outside of the chroot() 
> environment) and was therefore able to manipulate the databases after 
> the call to chroot().

That, naturally, was totally wrong, and broke the whole idea of
chroot().

> 3.23.54 accesses the databases after chroot(), 
> which is certainly more secure, but it causes the following problem, 
> abbreviated from strace:
> 
> chdir("/usr/local/var/mysql/")          = 0
> chroot("/chroot/mysql")                 = 0
> chdir("/")                              = 0
> open("./mysql/host.frm", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> 
> This forces me to copy all of my databases into the root directory of 
> the chroot jail (or at least create sym links to all of them), and leads 

Symlinking doesn't work.
But you can hardlink, if you'd like.

> to output like the following:
> 
> mysql> show databases;
> +----------+
> | Database |
> +----------+
> | etc      |
> | lib      |
> | mysql    |
> | tmp      |
> | usr      |
> | var      |
> +----------+
> 6 rows in set (0.02 sec)
> 
> Has anyone else had this problem, and is there an obvious workaround 
> that I'm missing?

The obvious workaround is not to chroot to datadir, but to datadir/..

Regards,
Sergei

-- 
MySQL Development Team
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /   Sergei Golubchik <[EMAIL PROTECTED]>
 / /|_/ / // /\ \/ /_/ / /__  MySQL AB, http://www.mysql.com/
/_/  /_/\_, /___/\___\_\___/  Osnabrueck, Germany
       <___/


