[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] ERROR: [directory] is not owned by root:root
From: |
Gregory Piñero |
Subject: |
Re: [Jailkit-users] ERROR: [directory] is not owned by root:root |
Date: |
Sun, 16 Sep 2007 13:38:43 -0400 |
On 9/16/07, Olivier Sessink <address@hidden> wrote:
> a chroot jail directory that can be modified by a user is a security
> risk. (anybody who can change libc can gain local root privileges)
>
> If one of the parent directories of the jail is owned by another user,
> the user cannot modify the jail, but the user can rename the parent, and
> then create a new directory with the name of the jail, and then modify
> it. So also in that case, there is a security risk.
>
> That's why jailkit checks for this situation.
>
So where do people typically place a jailed directory? Perhaps at the
root of the filesystem, e.g., /jailed_dir?
Thanks again,
-Greg