[cs631apue] Question for last class

Jan Schaumann jschauma at stevens.edu
Tue Dec 3 11:38:09 EST 2019


Harsh J Jobanputra <hjobanpu at stevens.edu> wrote:
 
> It is regarding implementation for restricting
> access to files outside root dir in sws(1).
> 
> It seems this is exactly what chroot(2) does.
> However, from what I understand, it requires root
> privilege and so cannot be used here. Or am I
> missing something? Is there a way to make use of
> chroot(2)?

chroot(2) could be used for this purpose, but is not
ideal: for a process to run inside of a chroot, you
need to have all the files, libraries, executables
etc. available within the chroot.  While this can
provide some useful protections for your webserver, a
compromised web server still likely needs to have
access to other resources within the chroot.

Regular web servers may use chroot(2) initialization
to then further restrict the serving process, possibly
for each accepted connection.  This is often possible
because most web servers are indeed started with root
privileges (since they often need to bind ports 80 and
443, i.e., reserved ports); they might then chroot(2)
and subsequently drop privileges.

For your server, this is not an option, so you will
need to sanitize the given URI yourself to yield an
absolute path without any "../" in it, then resolve
that path under your docroot.

> Is there a standard way to implement this?

Take a look at the different simple web server
implementations from
https://stevens.netmeister.org/631/code-reading-exercise.html
and see how they handle this.

-Jan
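The sanitizing step Jan describes (normalize the request URI lexically, then resolve it under the docroot), as an added example in C that is not part of the original thread or of sws(1); the function name resolve_under_docroot and the MAXCOMP limit are my own, and it assumes the caller has already stripped the query string and percent-decoded the URI.

```c
#include <stddef.h>
#include <string.h>

#define MAXCOMP 128	/* assumption: deeper paths than this are rejected */

/*
 * Lexically normalize a request URI's path and join it to docroot: empty
 * components and "." are dropped, ".." pops one component but is clamped at
 * docroot (so "/../etc/passwd" becomes "<docroot>/etc/passwd").  Returns 0
 * with the path in 'out', or -1 if uri is not absolute or does not fit.
 * Assumes the caller has already stripped the query string and percent-
 * decoded uri (so "%2e%2e" is already ".."); symlinks inside docroot need a
 * separate realpath(3) check after open.
 */
int
resolve_under_docroot(const char *docroot, const char *uri,
    char *out, size_t outlen)
{
	const char *comp[MAXCOMP];
	size_t clen[MAXCOMP], n = 0, used, i;
	const char *p = uri, *start;

	if (uri == NULL || uri[0] != '/')
		return -1;			/* request-target must start with '/' */
	while (*p != '\0') {
		while (*p == '/') p++;		/* collapse "//" runs */
		start = p;
		while (*p != '\0' && *p != '/') p++;
		if (p == start || (p - start == 1 && start[0] == '.'))
			continue;		/* trailing "/" or "." : no-op */
		if (p - start == 2 && start[0] == '.' && start[1] == '.') {
			if (n > 0) n--;		/* ".." never climbs above docroot */
			continue;
		}
		if (n == MAXCOMP) return -1;
		comp[n] = start;
		clen[n++] = (size_t)(p - start);
	}
	/* Emit docroot followed by "/<comp>" for each kept component. */
	used = strlen(docroot);
	if (used >= outlen) return -1;
	memcpy(out, docroot, used);
	for (i = 0; i < n; i++) {
		if (used + 1 + clen[i] >= outlen) return -1;
		out[used++] = '/';
		memcpy(out + used, comp[i], clen[i]);
		used += clen[i];
	}
	out[used] = '\0';
	return 0;
}
```

For "/" the result is the docroot itself, so the caller appends its index file name; a request whose ".." count would have escaped the docroot is a good candidate for logging even though it is clamped here.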
