LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Multipath TCP: an overview

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

What chroot() is really for

What chroot() is really for

Posted Oct 6, 2007 23:22 UTC (Sat) by acorliss (guest, #3710)
In reply to: What chroot() is really for by ckelso
Parent article: What chroot() is really for

No offense, but that's idiotic. There's many files on a system that are by design world readable (oh, say, /etc/passwd, for instance), and should be for regular users and processes. But that doesn't mean a process serving unknown and potentially hostile remote users should be able to get a list of accounts to attack on the system. Which is exactly the risk you should expect whenever you run a service that's designed to read files from a filesystem (like an http or ftp server).

Chroot isn't the be-all, end-all to this problem, but it's certainly a portable and effective tool that should be used along with others.

Your comments suggest you've never actually had to support publicaly accessible systems, or understand information security. It certainly doesn't demonstrate your administrative competence.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds