From: John Goerzen
X-original-sender: jgoerzen@complete.org
To: gopher@complete.org
Subject: [gopher] Re: Security issues in Gopher?
Date: 22 Jan 2002 10:00:07 -0500
Message-ID: <878zaqe8i0.fsf@complete.org>
In-Reply-To: <20020122140520.88103.qmail@ingwaz.pair.com>
References: <20020122140520.88103.qmail@ingwaz.pair.com>
X-List-ID: Gopher
X-archive-position: 384

Robert Hahn writes:

> Interesting. I manned chroot last night, which gave me a clear answer
> as to what and how, but, as is typical with all man pages, lacks a
> 'why'. :P
>
> So, can you explain what the significance of chroot* is and how it
> increases security? Especially as it compares to running a server
> either as 'nobody' or (horrors) root?

It means that the files not under that directory are completely and
forever inaccessible* to that process and all of its children. Even a
process running as nobody can read /etc/passwd.

So, run gopherd as nobody and put it chrooted, and you've got bombproof
protection.

* Exceptions exist for the superuser.