chroot-jail ?? whats this

Joseph S D Yao jsdy at cospo.osis.gov
Fri Mar 31 21:49:37 UTC 2000


On Tue, Feb 29, 2000 at 11:19:20AM -0500, Harold Pritchett wrote:
> Ralf Hildebrandt wrote:
> > On Tue, Feb 29, 2000 at 12:39:00PM +0800, Lawrence Chan wrote:
> > > When setting up jails with chroot, how many of shared files can be linked
> > > or, would all needed files have to be duplicated below the jail root so as
> > > not to defeat the security provided by chroot?
> > 
> > You cannot link them, since THE ORIGINAL FILES ARE NOT VISIBLE when in
> > chroot-jail! So you have to copy them.
> 
> Actually, you should be able to put the originals in the /jail root and
> link them to the real root locations.  You just can't go the other way.

(1) links point to the inodes themselves, so there is no need for any
    link to be able to "see" its other.

(2) links are non-directional, all are equal.

(3) you may both be thinking of soft links or symbolic links.
    (different names for the same thing.)

(4) if you are referring to operating system files such as shared
    libraries, only broken systems would need them copied down.
    unfortunately, several systems are broken in just that way.
    however, data files would always have to be copied down.

(5) the BIND data files themselves would not be "copied" from anywhere
    ... the "jailed" files are the original and authoritative copies!

-- 
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
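
Added example, not part of the original message: a Python sketch of the hard link versus symbolic link distinction discussed in this thread. The directory layout and file names are constructed, and the chroot lookup is simulated by re-rooting the symlink target under the jail directory, since calling chroot() itself needs root.

```python
import os
import tempfile


def demo_links():
    """Compare a hard link and a symlink across a constructed jail boundary."""
    with tempfile.TemporaryDirectory(prefix="linkdemo-") as base:
        jail = os.path.join(base, "jail")          # stands in for the chroot directory
        os.makedirs(os.path.join(jail, "etc"))
        os.makedirs(os.path.join(base, "etc"))     # stands in for the real /etc

        # The original file lives in the jail; the outside name is a hard link.
        inside = os.path.join(jail, "etc", "named.conf")
        outside = os.path.join(base, "etc", "named.conf")
        with open(inside, "w") as f:
            f.write("options {};\n")
        os.link(inside, outside)

        st_in, st_out = os.stat(inside), os.stat(outside)
        same_inode = (st_in.st_dev, st_in.st_ino) == (st_out.st_dev, st_out.st_ino)

        # Neither name is "the original": a write via one shows up via the other.
        # This also means a jailed process with write access changes the outside view.
        with open(inside, "a") as f:
            f.write("# appended via the jail-side name\n")
        with open(outside) as f:
            shared_write = "appended via the jail-side name" in f.read()

        # A symlink stores a path string that is resolved at lookup time.
        sym = os.path.join(jail, "etc", "named.link")
        os.symlink(outside, sym)
        resolves_outside = os.path.exists(sym)

        # Simulated chroot: "/" now means the jail, so the absolute target
        # is looked up underneath the jail directory, where it does not exist.
        rerooted = os.path.join(jail, os.readlink(sym).lstrip("/"))
        resolves_in_jail = os.path.exists(rerooted)

        return {
            "same_inode": same_inode,
            "nlink": st_in.st_nlink,
            "shared_write": shared_write,
            "symlink_resolves_outside": resolves_outside,
            "symlink_resolves_in_jail": resolves_in_jail,
        }


if __name__ == "__main__":
    print(demo_links())
```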


