<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Please, help me understand if 'use chroot' option in daemon
config is secure enough.<br>
Rsync manual has following lines:<br>
</p>
<blockquote>
<p><tt>As an additional safety feature, you can specify a dot-dir
in the module's</tt><tt><br>
</tt><tt>"path" to indicate the point where the chroot should
occur. This allows rsync</tt><tt><br>
</tt><tt>to run in a chroot with a non-"/" path for the top of
the transfer hierarchy.</tt><tt><br>
</tt><tt>Doing this guards against unintended library loading
(since those absolute</tt><tt><br>
</tt><tt>paths will not be inside the transfer hierarchy unless
you have used an unwise</tt><tt><br>
</tt><tt>pathname), and lets you setup libraries for the chroot
that are outside of the</tt><tt><br>
</tt><tt>transfer. For example, specifying
"/var/rsync/./module1" will chroot to the</tt><tt><br>
</tt><tt>"/var/rsync" directory and set the inside-chroot path
to "/module1". If you</tt><tt><br>
</tt><tt>had omitted the dot-dir, the chroot would have used the
whole path, and the</tt><tt><br>
</tt><tt>inside-chroot path would have been "/".</tt></p>
</blockquote>
<p>It *implies* that there could be a situation when rsync (in
daemon mode) loads some libraries *after* doing chroot system
call. But is this really possible?<br>
when stracing rsync daemon, I see no attempts to load libraries
after calling chroot:</p>
<blockquote>
<p><tt>[pid 42312] geteuid() = 0</tt><tt><br>
</tt><tt>[pid </tt><tt><tt>42312</tt>] chroot("/var/lib/mysql/")
= 0</tt><tt><br>
</tt><tt>[pid </tt><tt><tt>42312</tt>]
chdir("/") = 0</tt><tt><br>
</tt><tt>[pid </tt><tt><tt>42312</tt>]
setgid(0) = 0</tt><tt><br>
</tt><tt>[pid </tt><tt><tt>42312</tt>] setgroups(1,
[0]) = 0</tt><tt><br>
</tt><tt>[pid </tt><tt><tt>42312</tt>]
setuid(0) = 0</tt><tt><br>
</tt><tt>[pid </tt><tt><tt>42312</tt>] setresuid(-1, 0,
-1) = 0</tt><tt><br>
</tt><tt>[pid </tt><tt><tt>42312</tt>]
geteuid() = 0</tt><br>
</p>
</blockquote>
<p><br>
</p>
<pre class="moz-signature" cols="72">
</pre>
</body>
</html>