[mpm-itk] mpm_itk and chroot

Steinar H. Gunderson sgunderson at bigfoot.com
Mon Jan 4 21:04:59 CET 2010

On Mon, Jan 04, 2010 at 08:50:12PM +0100, Gregy wrote:
> I digged through the source and found out that chroot is done in
> unixd_setup_child function. Prefork calls this function, itk does not.
> I really don't understand the code so I don't know why it isremoved.
> Wouldn't it be possible to return it?

No; unixd_setup_child() does lots of stuff which is directly incompatible
with the way mpm-itk works. I could copy out the chroot stuff into mpm-itk,
but I honestly don't see the point; it doesn't really win you much security,
and it would require an extra capability to be added to mpm-itk's set. Just
set your permissions correctly :-)

/* Steinar */
Homepage: http://www.sesse.net/

