Contributed by jose on from the empty-prison dept.
(Comments are closed)
OpenBSD Journal
By djm () on
The latter are generally incomplete solutions, waste HD space (all those static binaries or copies of shared libs) and are more fragile.
Sometimes the former is not an option :(
By schubert () on
If you get stumped on why an application borks in a chroot, run it outside the chroot with ktrace and look through the output with kdump and spot all the files it may be looking for (ldd will tell you the libraries, of course).
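An added example, not part of the comment above: one way to apply the ktrace/kdump approach is to pull the path lookups (NAMI records) out of saved kdump output and list the ones that do not exist inside the chroot tree. The function names, the sample trace and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# On OpenBSD, produce the input outside the chroot, for example:
#   ktrace -f /tmp/kt.out <program> ; kdump -f /tmp/kt.out > /tmp/kdump.txt

# nami_paths FILE: print the unique absolute paths found in NAMI records.
# Relative lookups are skipped because they depend on the working directory.
nami_paths() {
    sed -n 's|^.* NAMI  *"\(/.*\)"$|\1|p' "$1" | LC_ALL=C sort -u
}

# missing_in_chroot FILE ROOT: print traced paths that are absent under ROOT.
missing_in_chroot() {
    nami_paths "$1" | while IFS= read -r p; do
        [ -e "$2$p" ] || printf '%s\n' "$p"
    done
}

# demo: run the check on a constructed trace and a constructed chroot tree.
demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample of kdump output (not taken from a real system).
    cat > "$tmp/kdump.txt" <<'EOF'
 21544 php      CALL  open(0x7f7ffffd0a10,0<O_RDONLY>)
 21544 php      NAMI  "/etc/resolv.conf"
 21544 php      RET   open 3
 21544 php      NAMI  "/etc/hosts"
 21544 php      NAMI  "/usr/lib/libc.so.28.5"
 21544 php      NAMI  "/etc/hosts"
 21544 php      NAMI  "/dev/null"
 21544 php      NAMI  "relative/file"
EOF
    # Constructed chroot tree holding only two of the traced files.
    mkdir -p "$tmp/root/etc" "$tmp/root/usr/lib"
    : > "$tmp/root/etc/resolv.conf"
    : > "$tmp/root/usr/lib/libc.so.28.5"
    missing_in_chroot "$tmp/kdump.txt" "$tmp/root"
    rm -rf "$tmp"
}

demo
```

Each path printed is a candidate to copy or create inside the chroot; lookups the program makes only on rare code paths will not appear unless the trace exercised them.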
By Kirill (km-dated-1045041864@krot.org) on
By chroot newbie () on
And, thanks to Schubert for explaining the resolving of localhost problem. I run a lot of PHP/PostgreSQL servers and setting this up in 3.2 has been a bit of a challenge (learning opportunity).
By RC () on
Besides, why chroot anyhow? You HAVE removed the SUID bits on most of your programs and changed the rest so only users in a certain group can run them, RIGHT?
For something like OpenSSH, chroot'ing it made a good addition (since you don't have anything to lose by doing it), but chroot's popularity has extended far beyond its usefulness...