Hello,
I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
but web applications could access mysql server only by network, which is
not the most secure and fast way. Chrooting it to /var/www/mysql would not
be secure too.
The problem could be solved creating pseudo device
On Monday 19 June 2006 18:12, Martynas Venckus wrote:
I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
but web applications could access mysql server only by network, which is
not the most secure and fast way.
What's not secure about binding to localhost only?
---
On 6/19/06, Lars Hansson [EMAIL PROTECTED] wrote:
On Monday 19 June 2006 18:12, Martynas Venckus wrote:
I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
but web applications could access mysql server only by network, which is
not the most secure and fast way.
What's
On Monday 19 June 2006 19:09, knitti wrote:
protocol attacks on the application which talks to mysql?
Uhm, and using a domain socket is different how?
if you use some php stuff (any php sutff ;) and talk to mysql, you can
manipulate the db by sql injection.
And? This has nothing to do with
I'm still not clear on exactly why a domain socket is more secure than a
localhost tcp socket. Faster? Sure, but probably not by an amount that
matters. More secure? I really don't see how in this case.
Okay, why we should it listen to unneded port? Somebody could insensibly
redirect packets.
I am not sure as I have not tried it, but I think mySQL creates its unix
socket *before* it calls chroot() [or can be very easily fixed anyways].
No it can't create socket before chroot(), then how it would access mysql
data?
On Mon, 19 Jun 2006 13:09:20 +0200
knitti [EMAIL PROTECTED] wrote:
On 6/19/06, Lars Hansson [EMAIL PROTECTED] wrote:
On Monday 19 June 2006 18:12, Martynas Venckus wrote:
I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
but web applications could access mysql
Martynas Venckus wrote:
I am not sure as I have not tried it, but I think mySQL creates its unix
socket *before* it calls chroot() [or can be very easily fixed anyways].
No it can't create socket before chroot(), then how it would access mysql
data?
Can you elaborate on this? I don't get it.
On Mon, 19 Jun 2006 13:12:20 +0300 (EEST)
Martynas Venckus [EMAIL PROTECTED] wrote:
Hello,
I want to chroot mysql. So i chrooted it in /var/mysql (mysqld --chroot),
but web applications could access mysql server only by network, which is
not the most secure and fast way. Chrooting it to
On Mon, 19 Jun 2006 15:06:53 +0300 (EEST)
Martynas Venckus [EMAIL PROTECTED] wrote:
I am not sure as I have not tried it, but I think mySQL creates its unix
socket *before* it calls chroot() [or can be very easily fixed anyways].
No it can't create socket before chroot(), then how it would
On Mon, 19 Jun 2006 15:04:06 +0300 (EEST) Martynas Venckus [EMAIL
PROTECTED] wrote:
I'm still not clear on exactly why a domain socket is more secure than a
localhost tcp socket. Faster? Sure, but probably not by an amount that
matters. More secure? I really don't see how in this case.
On 6/19/06, Lars Hansson [EMAIL PROTECTED] wrote:
On Monday 19 June 2006 19:09, knitti wrote:
protocol attacks on the application which talks to mysql?
Uhm, and using a domain socket is different how?
ouch, snafu. sorry, I misunderstood. I don't think there's
any practical security
Okay, everything works like a charm.
I chrooted mysql using chroot(8), than created pseudo file, and 2 vnode
disks.
Then mount {vnode disk} /{chroot path}/var/run/mysql mount -f {vnode2
disk} /var/www/var/run/mysql.
13 matches
Mail list logo