Re: [IBMiOSS] the case for chroot -- OPENSOURCE

Subject: Re: [IBMiOSS] the case for chroot
From: Jack Woehr <jwoehr@xxxxxxxxxxxxx>
Date: Thu, 11 Aug 2016 13:52:36 -0600
List-archive: <http://archive.midrange.com/opensource/>
List-help: <mailto:opensource-request@midrange.com?subject=help>
List-id: IBMi Open Source Roundtable <opensource.midrange.com>
List-post: <mailto:opensource@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/opensource>, <mailto:opensource-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/options/opensource>, <mailto:opensource-request@midrange.com?subject=unsubscribe>

Aaron Bartell wrote:

If I run "$ chroot /home/aaron/c1 /usr/bin/sh" I will
change my perceived root directory to be /home/aaron/c1, except at that
point my current shell (/usr/bin/sh) doesn't know it's in a chroot
environment because if I do "$ ls /" it will display the contents of
/home/aaron/c1 because it thinks that's the actual root.

OpenBSD's http server is configured by default to run in such an environment so that if a hacker comes in
through a weakness in user webbage or Apache code all they can see is sterile chroot environment the web server
runs in. OpenBSD admins often run other apps, e.g., Tor or News in chroot "jails".

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.