HalosGhost closed 5 years ago
I am scrubbing plans for separating the two. It's true they could be isolated but `main` is the more likely one to be targeted anyway (plus, it's the more likely to be broken into as it does more). Then taking control of the `redirector` would be a secondary issue.

Having them be jailed into their shared directory is still a huge security win.

Looks like lwan has had the ability, for a while now, to drop privileges to a user (and even jail itself with a `chroot`) to minimize negative effects of a compromised server. Anything we can do to increase security is a GoodThing™, so we should do this ASAP.

- `lwan_straitjacket_enforce(&jacket);` in `redirector` and `main`
- isolation of `redirector` and related files into separate subdirectory and straitjacket

Getting both the `redirector` and `main` in a shared straitjacket mitigates possible compromise of the external system through either one; but eventually, separating both into their own straitjackets will mitigate compromise of either one from interfering with the other (more accurately, compromise of the `redirector` interfering with `main`).
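
What a chroot-plus-privilege-drop of this kind amounts to at the POSIX level, as an added example (not lwan's implementation and not code from this project). The helper name `jail_and_drop` and its error convention are assumptions; it shows why the account is resolved before `chroot()` and why groups, gid and uid are dropped in that order.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE              /* for setgroups() and chroot() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 on success or a negative errno value.
 * If it fails after chroot() succeeded, the caller should exit, not continue. */
int jail_and_drop(const char *jail_dir, const char *user)
{
    if (!jail_dir || !user)
        return -EINVAL;
    /* Resolve the account first: /etc/passwd is unreachable after chroot(). */
    struct passwd *pw = getpwnam(user);
    if (!pw)
        return -ENOENT;
    if (pw->pw_uid == 0 || pw->pw_gid == 0)
        return -EINVAL;              /* "dropping" to root is not a drop */
    if (geteuid() != 0)
        return -EPERM;               /* chroot() and setuid() need root */

    /* Enter the jail, then reset cwd so it no longer points at the old
     * tree, which would otherwise remain reachable through "..". */
    if (chroot(jail_dir) != 0 || chdir("/") != 0)
        return -errno;

    /* Supplementary groups first, then gid, then uid: once the uid is
     * gone the process may no longer change its groups. */
    if (setgroups(1, &pw->pw_gid) != 0 ||
        setgid(pw->pw_gid) != 0 ||
        setuid(pw->pw_uid) != 0)
        return -errno;

    /* Confirm the drop cannot be undone. */
    if (setuid(0) == 0 || getuid() == 0 || geteuid() == 0)
        return -EPERM;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s JAIL_DIR USER\n", argv[0]); return 2; }
    int rc = jail_and_drop(argv[1], argv[2]);
    printf("jail_and_drop: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

With a shared jail, two processes that call this with the same directory can still read and write each other's files; giving each its own directory and user is what removes that path.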