emikulic / darkhttpd

When you need a web server in a hurry.
https://unix4lyfe.org/darkhttpd/
ISC License

Out-of-chroot pidfile handling? #69

Open hhartzer opened 4 months ago

hhartzer commented 4 months ago

Is it possible to handle PID files out of a chroot? This may be beyond darkhttpd in general, but it'd be kind of a cool thing to support.

We could hold an open file descriptor on the PID file before chroot, but I'm not sure it's possible to unlink with just the file descriptor.

emikulic commented 4 months ago

You could open a file descriptor for the parent directory of the pidfile before chroot and then use unlinkat.

I'm not sure if this is a good idea security-wise. IIUC you can subvert a chroot by chdiring to the outside of it, i.e. using that open fd.
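The directory-descriptor approach suggested above, sketched as an added example that is not part of the original comment and is not darkhttpd code. `struct pidfile`, `pidfile_create` and `pidfile_remove` are hypothetical names, and it assumes the process still has write permission on the pidfile directory when it exits.

```c
#define _DEFAULT_SOURCE 1   /* for chroot(), openat(), unlinkat(), dprintf() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper type: everything needed to remove the pidfile later. */
struct pidfile { int dirfd; char name[256]; };

/* Call BEFORE chroot(): open the parent directory, then create the pidfile
 * relative to it. O_EXCL|O_NOFOLLOW refuses an existing file or a symlink. */
int pidfile_create(struct pidfile *pf, const char *dir, const char *name)
{
    pf->dirfd = -1;
    if (strchr(name, '/') || strlen(name) >= sizeof pf->name) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0) return -1;
    int fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0) { close(dfd); return -1; }
    int ok = dprintf(fd, "%ld\n", (long)getpid()) > 0;
    close(fd);
    if (!ok) { unlinkat(dfd, name, 0); close(dfd); return -1; }
    strcpy(pf->name, name);
    pf->dirfd = dfd;
    return 0;
}

/* Works after chroot(): the name is resolved relative to dirfd, not to the
 * new root. The descriptor is closed as soon as the file is gone. */
int pidfile_remove(struct pidfile *pf)
{
    if (pf->dirfd < 0) return -1;
    int r = unlinkat(pf->dirfd, pf->name, 0);
    close(pf->dirfd);
    pf->dirfd = -1;
    return r;
}

int main(int argc, char **argv)
{
    struct pidfile pf;
    if (argc != 4) { fprintf(stderr, "usage: %s PIDDIR NAME NEWROOT\n", argv[0]); return 2; }
    if (pidfile_create(&pf, argv[1], argv[2]) != 0) { perror("pidfile"); return 1; }
    if (chroot(argv[3]) != 0 || chdir("/") != 0) { perror("chroot"); pidfile_remove(&pf); return 1; }
    /* ... serve requests. pf.dirfd stays open for the whole run and still
     * refers to a directory outside the new root, which is the exposure
     * raised in the comment above. */
    return pidfile_remove(&pf) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```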

hhartzer commented 3 months ago

That's an interesting idea. I'll have to think on that.

emikulic commented 3 months ago

I think doing this might be a bit over the top. Is there other software that does this and has evaluated the security aspects of doing so?

hhartzer commented 3 months ago

It might be, for sure. Not as far as I know, but there could be some. More of a thought. I can close this out if you like.