Re: Patch for chroot() in 2.5STABLE1

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 4 Oct 2002 02:01:03 +0200

On Thursday 03 October 2002 23.51, Andrew Rucker Jones wrote:

> Could we work on a solution together? I would be happy to code it
> once we have the ideas worked out. The problem is one that I find
> interesting and that is important to me.

You are more than welcome to try to improve the chroot_dir directive.
I know the directive is not perfect, and have always intended to make
it better, but as I know how to live with its shortcomings (only
needs one symbolic link in the jail) it does not really bother me
enough to motivate me to actually do it..

There are several things that need to be done:

1. The chroot() call needs to be moved to in between where the
configuration is parsed and where it is validated.

2. The SSL implementation needs to be changed to read its keys at
parsing time rather than when the ports are opened (actually already
done, but not yet published)

3. Better documentation on how to use the chroot_dir directive is
needed, including explanation of which paths are affected by the jail
once there is such a distinction.. (now all and none are affected, at
the same time...)

Regards
Henrik
Received on Thu Oct 03 2002 - 18:01:31 MDT
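
The startup ordering from points 1 and 2 above, sketched in C as an added example (not Squid's code and not part of the original message): key material is read during parsing, the jail is entered next, and validation runs last so it checks paths as the jailed process sees them. The struct, the function names and the cache-path check are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE            /* exposes chroot() in <unistd.h> on glibc */
#include <stdio.h>
#include <unistd.h>

struct config {                    /* hypothetical, not Squid's structure */
    const char *chroot_dir;        /* jail root (host path), NULL = no jail */
    const char *key_path;          /* host path, read before the jail exists */
    const char *cache_path;        /* path as seen from inside the jail */
    char key[4096];                /* key material kept in memory */
    size_t key_len;
};

/* Parse phase: read the key while the host filesystem is still visible. */
int load_key_at_parse_time(struct config *c) {
    FILE *f = fopen(c->key_path, "rb");
    if (!f) return -1;
    c->key_len = fread(c->key, 1, sizeof c->key, f);
    int bad = ferror(f) || !feof(f);   /* read error, or key fills the buffer */
    fclose(f);
    return (bad || c->key_len == 0) ? -1 : 0;
}

/* Jail phase: after parsing, before validation. chdir("/") so the working
 * directory cannot keep pointing outside the new root. */
int enter_jail(const struct config *c) {
    if (!c->chroot_dir) return 0;
    if (chroot(c->chroot_dir) != 0) return -1;
    return chdir("/");
}

/* Validation phase: runs inside the jail, on the paths the process will use. */
int validate_paths(const struct config *c) {
    return access(c->cache_path, R_OK | W_OK | X_OK);
}

/* Returns 0 on success, otherwise the number of the stage that failed. */
int startup(struct config *c) {
    if (load_key_at_parse_time(c) != 0) return 1;
    if (enter_jail(c) != 0) return 2;
    if (validate_paths(c) != 0) return 3;
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 4) { fprintf(stderr, "usage: %s jail key cache\n", argv[0]); return 64; }
    struct config c = { .chroot_dir = argv[1], .key_path = argv[2], .cache_path = argv[3] };
    int rc = startup(&c);
    if (rc) perror("startup");
    return rc;
}
```

Entering the jail requires root, so an unprivileged run with a jail directory set stops at stage 2.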