| 1 |
On 8/17/19 4:35 AM, Ulrich Mueller wrote: |
| 2 |
>>>>>> On Sat, 17 Aug 2019, Michael Orlitzky wrote |
| 3 |
> |
| 4 |
> Same for the "sshd" user, which IIRC chroots to /var/empty, but must |
| 5 |
> not (be able to) write to that dir. |
| 6 |
> |
| 7 |
|
| 8 |
OpenSSH is configurable in this regard, but this was a prescient |
| 9 |
example. OpenNTPd has a similar ./configure option for its chroot |
| 10 |
directory -- and then ignores it and chroots to $HOME anyway. |
| 11 |
|
| 12 |
In cases like that, probably the best we can do is to use a "unique" |
| 13 |
user and home directory, insofar as we can do that. |
| 14 |
|
| 15 |
I'll keep it in mind as a counterexample when writing the devmanual patch. |
Archives