[bf1942] BFSM for 1.6 is out and working
Andrew A. Chen
achen-bf1942 at divo.net
Wed Feb 4 14:07:39 EST 2004
Hm, okay. Not the best solution, but better than running without chroot.
/proc itself isn't terribly insecure, but requiring it required a
non-chroot environment, which was somewhat insecure. I'd rather not
having customers poking around the filesystem. Thanks for the tip.
---
Andrew A. Chen
Divo Networks
On Wed, 4 Feb 2004, Casey Zacek wrote:
>
> It wants access to proc to find the process to attach to.
>
> If you run 2.4+ kernel, you can simply mount proc multiple times
> (mkdir /proc; mount /proc under each chroot "fs").
>
> Access to /proc is not insecure. Why do you think it is? If you
> don't run it as root (which I'm sure you don't), you shouldn't have
> anything to worry about.
>
> Andrew A. Chen wrote (at Wed, Feb 04, 2004 at 12:16:37AM -0800):
> > Sigh. So the last time I used BFSM was when the 2.0 beta first came out
> > several months ago. I went to go try it again and am still disappointed.
> > Why does this program insist on having access to /proc? For security
> > reasons, I run all servers inside a chroot jail, which obviously doesn't
> > have access to the /proc filesystem. Does anyone have another server
> > manager that doesn't blatently overlook security?
> >
> > ---
> > Andrew A. Chen
> > Divo Networks
> >
> > On Tue, 3 Feb 2004, KLM wrote:
> >
> > > http://www.blackbagops.com/bf1942/index.shtml
> > >
> > > ;)
> > >
> > > Regards
> > > KLM
> > >
> >
>
> --
> -- Casey Zacek (Zippo) Beer for Breakfast servers
> 66.111.111.66:14567 (BF1942) <http://bfb.bogleg.org/> Dallas, TX
>
More information about the Bf1942
mailing list