Hitchhiker's Guide to Openbsd

Should I use the chroot feature?
http://www.openbsd.org/faq/faq10.html (24 of 32) 9/4/2011 10:02:15 AM


10 - System Management
In the above example, the program is fairly simple, and yet we have seen several different kinds of problems. Not every application can or should be chroot(2)ed. The goal is a secure web server; chroot(2)ing is just a tool to accomplish this, not the goal itself. Remember, in the starting configuration of the OpenBSD chroot(2)ed Apache, the user that the httpd(8) program runs as cannot run any programs, cannot alter any files, and cannot assume another user's identity. Loosen these restrictions and you have lessened your security, chroot or no chroot.

Some applications are pretty simple, and chroot(2)ing them makes sense. Others are very complex, and are either not worth the effort of forcing them into a chroot(2), or by the time you have copied enough of the system into the chroot, you have lost the benefit of the chroot(2) environment. For example, the OpenWebMail program requires the ability to read and write the mail directory and the user's home directory, and must be able to work as any user on the system. Attempting to push it into a chroot would be completely pointless, as you would end up disabling all the benefits of chroot(2)ing. Even with an application as simple as the counter above, it must write to disk (to keep track of its counters), so some of the benefit of the chroot(2) is lost. Any application which has to assume root privileges to operate is pointless to attempt to chroot(2), as root can generally escape a chroot(2).

Do not forget: if the chrooting process for your application is too difficult, you may not upgrade or update the system as often as you should. This could end up making your system LESS secure than a more maintainable system with the chroot feature deactivated.
