On Thu, 2007-10-11 at 17:35 -0500, Neal Tibrewala wrote:

> peruser gives unparalleled security as it allows the whole process to run as the user. Once in user-mode, the kernel can be relied upon to protect files based on normal file and directory permissions. With peruser, apache processes don't even need to have access to apache configuration files. chroot() is, and has always been a poor man's jail implementation that usually causes more holes than it fixes, just in unknown ways (usually dealing with users being able to link in binary libraries in unpredictable ways).
Yeah, I read a lot of the recent discussion of chroot security, but the main point seems to be that chroot isn't secure if you leave the process running as root. Well, of course it's not, but that's not what we're doing here - we chroot() and then setuid(). If the user can exploit a security hole and become root again, then yeah, they can break out of the chroot jail pretty easily. But if they gain root, that's pretty much the least of your worries anyway.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

_______________________________________________
Peruser mailing list
[email protected]
http://www.telana.com/mailman/listinfo/peruser
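The "chroot() and then setuid()" sequence the reply relies on, written out as an added example (not peruser's code or anything from the list): it shows the order the kernel imposes (chroot and setgid need root, so they come before setuid), the chdir("/") and setgroups() steps that are easy to forget, and a check a server can run on itself afterwards to confirm that root really is gone. The jail path, uid and gid in `main` are constructed sample values.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `jail` and drop root to uid/gid, in the
 * order the kernel requires: chroot() and setgid() still need root, so
 * they run before setuid(). Returns 0 on success, -1 with errno set on
 * failure. Must be called while still root (non-root gets EPERM). */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    if (chroot(jail) != 0)           /* needs CAP_SYS_CHROOT */
        return -1;
    if (chdir("/") != 0)             /* else cwd still points outside the jail */
        return -1;
    if (setgroups(0, NULL) != 0)     /* drop root's supplementary groups */
        return -1;
    if (setgid(gid) != 0)            /* gid first: setgid() needs root too */
        return -1;
    if (setuid(uid) != 0)            /* last: after this, nothing above works */
        return -1;
    return 0;
}

/* Self-check after enter_jail(): returns 1 if the process can no longer
 * regain root (effective uid is non-zero and setuid(0) is refused with
 * EPERM), 0 otherwise. A leftover saved-set-uid of 0 would make
 * setuid(0) succeed, which is exactly the hole this check catches. */
int root_is_gone(void)
{
    if (geteuid() == 0)
        return 0;
    if (setuid(0) == 0)
        return 0;                    /* regained root: drop was incomplete */
    return errno == EPERM;
}

int main(void)
{
    /* constructed sample values: adjust jail path and ids for a real site */
    if (enter_jail("/var/www/example-jail", 1001, 1001) != 0) {
        fprintf(stderr, "enter_jail: %s\n", strerror(errno));
        return 1;
    }
    printf("root_is_gone: %d\n", root_is_gone());
    return root_is_gone() ? 0 : 2;
}
```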
