Hi all,

Sorry to enter the discussion so late...

I agree with you, Torsten (+1); I think it is the right place to do it. I think adding a hook like pre_childinit that occurs before unixd_setup_child removes the root rights (in child_init you have lost the root rights just before) could be a more generic way, and then use this hook to implement the chroot option as a loadable module. And I think it could be useful for other modules to have a chance to use root rights just before they are removed in child_init...

Other implementations of chroot in Apache exist, and I think many interesting hints for using chroot in Apache are on the page of mod_chroot: http://core.segfault.pl/~hobbit/mod_chroot/caveats.html
I think it would be interesting to add some of this to the documentation as well...

And the LoadFile of libgcc_s.so.1 is only needed with a threaded MPM,
because the thread library uses some symbols of libgcc_s.so.1 that are autoloaded in the child when a thread is created, after unixd_setup_child occurs...

I've made a modified version (as of 02/08) of mod_chroot that works like your modification (chrooting just before setting up setuid in the child) but without modifying Apache code, and working with ap 2.0 and 2.2...

It works like this: I save unixd_config.user_id in the pre_mpm hook and force it to 0 (root); in that way, in child_init you are root (unixd_setup_child skips changing user_id)!
So I can do the chroot in the child_init hook, then restore unixd_config.user_id and redo unixd_setup_child to remove the root rights.

I think another modification must be done to be complete: modifying the way the DocumentRoot global-context command checks whether the path is a directory or not. It would be very good to check the document root path relative to the chroot directory instead of server_root if the chroot option is activated.

Without that modification you must have the DocumentRoot both inside the chroot path and outside the chroot path, like this: if the chroot dir is /var/chroot and the global document root is /var/chroot/www in httpd.conf, your global document root points to /var/chroot/www/var/chroot/www.

With that modification you can set the global document root to the jail path without problems...

A workaround exists: using DocumentRoot in a VirtualHost...
In a vhost you can use a path in the jail without problem, because the DocumentRoot commands in the vhosts are executed when the vhosts are checked... far later than the point where the chroot occurs (just before unixd_setup_child)...

In that way it is possible to set the global DocumentRoot to the same dir as the chroot, and use only vhosts to specify the document root directory...

But it is not completely transparent, because you must set a fake global document root that exists outside the jail, and you are obliged to use vhosts...

In my mod_chroot modification I correct all paths transparently on the fly (in the translate hook and the map_to_storage hook) to work around this (to do it without modification to Apache code!)... but it is a heavier modification... and riskier...

Regards,
Mathieu


   ------------------------------------------------------------------------
   *From:* Torsten Foertsch
   *Sent:* Sat, 26 Jan 2008 08:44:17 +0100

   On Fri 25 Jan 2008, Nick Kew wrote:
    > >  A
    > > compromise might be to create a chroot hook and allow module
    > > developers to use it. This would shift the support burden somewhat
    > > from the core Apache team to those willing to engage the users
    > > providing support.
    >
    > Isn't that basically the status quo (mod_security presumably hooks it
    > in at post_config?)

   Sometimes I have missed a ChildPrivilegedInit hook that is run
   between fork()
   and dropping privileges in the worker. That would be the right place to
   chroot() I think.

   Torsten

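An added example (editor's code, not Mathieu's mod_chroot and not Apache's) of the two pieces discussed in the thread: the order of operations a "ChildPrivilegedInit"-style hook has to follow (still root: chroot, chdir, drop supplementary groups, gid, then uid, and verify the drop sticks), and the prefix stripping needed to map a DocumentRoot that was checked outside the jail onto its in-jail path. The function names, the jail directory /var/chroot and uid/gid 65534 are assumptions; it uses plain POSIX calls instead of the Apache hook API so that it compiles stand-alone.

```c
/* Added example: privileged child-init sequence and jail-relative path mapping.
 * Not Apache or mod_chroot code; names and values are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Map a path configured and checked outside the jail (e.g. the global
 * DocumentRoot /var/chroot/www) onto the path it has once the child has
 * done chroot(jail): /var/chroot/www -> /www.  This is the kind of rewrite
 * the message describes doing in the translate / map_to_storage hooks.
 * Returns 0 on success, -1 if path is not under jail or out is too small.
 */
int jail_relative_path(const char *jail, const char *path,
                       char *out, size_t outlen)
{
    size_t jl = strlen(jail);
    const char *rest;

    /* ignore trailing slashes on the jail directory ("/var/chroot/") */
    while (jl > 1 && jail[jl - 1] == '/')
        jl--;

    if (jl == 1 && jail[0] == '/') {
        rest = path;                    /* jail is "/": nothing to strip */
    } else {
        if (strncmp(path, jail, jl) != 0)
            return -1;                  /* not under the jail at all */
        rest = path + jl;
        /* "/var/chrootX/www" starts with "/var/chroot" but is not inside it */
        if (*rest != '\0' && *rest != '/')
            return -1;
        if (*rest == '\0')
            rest = "/";                 /* path == jail maps to the jail root */
    }
    if (strlen(rest) >= outlen)
        return -1;
    strcpy(out, rest);
    return 0;
}

/*
 * What a hook run between fork() and the privilege drop has to do, in order:
 * still root, chroot() into the jail, chdir() so the cwd is inside it, then
 * drop supplementary groups, the gid and finally the uid.  After this no code
 * in the child can chroot() or setuid() again, which is why the chroot must
 * happen before unixd_setup_child drops privileges, not after.
 * Returns 0 on success, -1 with errno set otherwise.
 */
int enter_jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (geteuid() != 0) {               /* must run before privileges are gone */
        errno = EPERM;
        return -1;
    }
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* sanity check: a real drop must not be reversible */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    char inside[256];

    /* constructed values from the thread: jail /var/chroot, DocumentRoot /var/chroot/www */
    if (jail_relative_path("/var/chroot", "/var/chroot/www", inside, sizeof inside) == 0)
        printf("DocumentRoot /var/chroot/www is %s inside the jail\n", inside);

    /* the privileged part only makes sense as root; report instead of failing */
    if (geteuid() != 0) {
        printf("not root: skipping chroot()+setuid() demonstration\n");
        return 0;
    }
    /* 65534 is assumed to be nobody/nogroup; adjust for the target system */
    if (enter_jail_and_drop("/var/chroot", 65534, 65534) != 0) {
        perror("enter_jail_and_drop");
        return 1;
    }
    printf("now chrooted and running as uid %d\n", (int)getuid());
    return 0;
}
```

Build with `cc -o jail jail.c`. The path mapping runs as any user; the chroot()/setuid() part needs root and an existing /var/chroot, and once it has run the process cannot undo it, which is exactly the property the hook placement in the thread is after.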