Date: 22 Jan 2002 14:19:08 -0000
Message-ID: <20020122141908.90821.qmail@ingwaz.pair.com>
To: gopher@complete.org
From: Robert Hahn
Subject: [gopher] Re: Security issues in Gopher?

ooo... that's *cool*.

ok, so, building on your example, what if I created a soft link to ls from within /home/anstouh? would that be enough to work, or do I have to physically copy the binary to within that directory?

thx,

-rh

> Put simply, it puts you into gaol. If you typed, say,
> $ chroot /home/anstouh
> all you could do is access the programs below /home/anstouh. You can't write an
> event to a logfile, you can't run 'ls' (unless 'ls' happens to be somewhere in
> /home/anstouh, of course).
>
> If the only files in /var/gopher are owned by anstouh, read/writable by owner,
> readable by group and world, and you run a chrooted gopher as user nobody,
> there's not much someone can do if they manage to convince gopher to do
> anything other than serve up files and directories.
>
> Tristan.
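
An added example, not part of the original message or of any gopher server's code: after chroot, an absolute symlink target such as /bin/ls is looked up from the new root, so a link to the host's ls dangles unless the binary also exists inside the jail. The sketch below resolves paths that way without needing root and lists the links that would break; the function names and the sample jail are constructed for illustration.

```python
import os
import tempfile

def _parts(p):
    return [c for c in p.split("/") if c not in ("", ".")]

def resolve_in_jail(jail, path, max_links=40):
    """Host path that `path` names after chroot(jail), or None if it is missing."""
    jail = os.path.realpath(jail)
    cur, todo, links = jail, _parts(path), 0
    while todo:
        part = todo.pop(0)
        if part == "..":                 # ".." at the jail root stays at the root
            cur = jail if cur == jail else os.path.dirname(cur)
            continue
        nxt = os.path.join(cur, part)
        if os.path.islink(nxt):
            links += 1
            if links > max_links:        # symlink loop
                return None
            target = os.readlink(nxt)
            if target.startswith("/"):   # absolute target restarts at the jail root
                cur = jail
            todo = _parts(target) + todo
        elif os.path.lexists(nxt):
            cur = nxt
        else:
            return None
    return cur

def dangling_links(jail):
    """Jail-relative symlinks that would not resolve once chrooted into `jail`."""
    bad = []
    for root, dirs, files in os.walk(jail):
        for name in dirs + files:
            full = os.path.join(root, name)
            rel = "/" + os.path.relpath(full, jail)
            if os.path.islink(full) and resolve_in_jail(jail, rel) is None:
                bad.append(rel)
    return sorted(bad)

def demo():
    """Constructed jail: a symlink to the host's /bin/ls and a link that stays inside."""
    jail = tempfile.mkdtemp(prefix="jail-")
    os.makedirs(os.path.join(jail, "bin"))
    os.symlink("/bin/ls", os.path.join(jail, "ls"))        # target is outside the jail
    open(os.path.join(jail, "bin", "cat"), "w").close()    # stand-in for a copied binary
    os.symlink("bin/cat", os.path.join(jail, "cat"))       # relative, stays inside
    return jail, dangling_links(jail)
```

A dynamically linked binary copied into the jail also needs its loader and shared libraries present there.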