Re: Running Postgres 7.0.2 in a chroot environment

From: Jochen Topf <jochen(at)remote(dot)org>
To: Gree3776(at)rowan(dot)edu
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Running Postgres 7.0.2 in a chroot environment
Date: 2000-07-11 07:01:01
Message-ID: 20000711090101.A15331@eldorado.remote.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

I didn't quite follow everything you did, it looks a lot more complicated then
what is needed. Maybe some tips will get you on the right path:

1) You can give arguments to a program started by su by quoting, like:
su user -c 'program arg1 arg2'

2) argv[0] should be the name of the program and not the first argument.

3) The 'chroot' command (at least on my system here) does *only* a chroot
system call and starts a shell. This is *not* enough to be secure. At
least you have to do a chdir("/") after the chroot().

4) There a programs around which do a chroot, chdir("/") and the setuid/gid
to something sensible and start another programs. I have no reference handy
but look around on freshmeat or the big FTP archives.

Using chroot in itself is not enough! If you don't really know what you are
doing and do kludgy things like the ones you describe in your posting, you
will probabely create more security holes then you will fix.

Jochen
--
Jochen Topf - jochen(at)remote(dot)org - http://www.remote.org/jochen/

Browse pgsql-admin by date

  From Date Subject
Next Message Jiri Solc 2000-07-11 09:39:51 Users in psql
Previous Message Samuel Greenfeld 2000-07-11 02:10:30 Running Postgres 7.0.2 in a chroot environment, Linux 2.2 series, glibc