From: | Jochen Topf <jochen(at)remote(dot)org> |
---|---|
To: | Gree3776(at)rowan(dot)edu |
Cc: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: Running Postgres 7.0.2 in a chroot environment |
Date: | 2000-07-11 07:01:01 |
Message-ID: | 20000711090101.A15331@eldorado.remote.org |
Lists: | pgsql-admin |

I didn't quite follow everything you did; it looks a lot more complicated than
what is needed. Maybe some tips will get you on the right path:

1) You can give arguments to a program started by su by quoting, like:

    su user -c 'program arg1 arg2'

2) argv[0] should be the name of the program and not the first argument.

3) The 'chroot' command (at least on my system here) does *only* a chroot
system call and starts a shell. This is *not* enough to be secure. At
least you have to do a chdir("/") after the chroot().

4) There are programs around which do a chroot, chdir("/") and the setuid/gid
to something sensible and start another program. I have no reference handy
but look around on freshmeat or the big FTP archives.

Using chroot in itself is not enough! If you don't really know what you are
doing and do kludgy things like the ones you describe in your posting, you
will probably create more security holes than you will fix.

Jochen
--
Jochen Topf - jochen(at)remote(dot)org - http://www.remote.org/jochen/
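
The sequence from points 3 and 4 above (with the argv[0] convention from point 2), as an added example that is not part of the original message: a small wrapper that does chroot(), chdir("/"), drops supplementary groups, gid and uid, checks that root cannot be regained, and then execs the target. The names `enter_jail` and `jailexec` are made up for illustration; it assumes Linux with glibc, numeric uid/gid arguments, and a target program path that exists inside the jail directory.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: expose chroot() and setgroups() */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Confine the calling process to `dir` and give up root for good.
 * Returns 0 on success, or a negative code naming the step that failed. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || uid == 0 || gid == 0)
        return -1;                  /* refuse to "drop" to root */
    if (chroot(dir) != 0)
        return -2;
    if (chdir("/") != 0)            /* cwd must be inside the new root */
        return -3;
    if (setgroups(0, NULL) != 0)    /* clear inherited supplementary groups */
        return -4;
    if (setgid(gid) != 0)           /* group before user: setgid needs root */
        return -5;
    if (setuid(uid) != 0)
        return -6;
    if (setuid(0) == 0)             /* must fail, or the drop was not permanent */
        return -7;
    return 0;
}

/* usage: jailexec <dir> <uid> <gid> <program> [args...]   (run as root) */
int main(int argc, char **argv)
{
    if (argc < 5) {
        fprintf(stderr, "usage: %s dir uid gid program [args...]\n", argv[0]);
        return 2;
    }
    /* A non-numeric id parses as 0 and is rejected by enter_jail(). */
    int rc = enter_jail(argv[1], (uid_t)strtoul(argv[2], NULL, 10),
                        (gid_t)strtoul(argv[3], NULL, 10));
    if (rc != 0) {
        fprintf(stderr, "jail setup failed at step %d\n", -rc);
        return 1;
    }
    /* argv[4] is the path inside the jail and also the new argv[0]. */
    execv(argv[4], &argv[4]);
    perror("execv");
    return 1;
}
```

Every step is checked and the wrapper exits instead of exec'ing if any of them fails, so the target never runs outside the jail or with root's ids.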