Open hhartzer opened 4 months ago
You could open a file descriptor for the parent directory of the pidfile before chroot
and then use unlinkat
.
I'm not sure if this is a good idea security-wise. IIUC you can subvert a chroot
by chdir
ing to the outside of it, i.e. using that open fd.
That's an interesting idea. I'll have to think on that.
I think doing this might be a bit over the top. Is there other software that does this, and evaluated the security aspects of doing so?
It might be, for sure. Not as far as I know, but there could be some. More of a thought. I can close this out if you like.
Is it possible to handle PID files out of a chroot? This may be beyond darkhttpd in general, but it'd be kind of a cool thing to support.
We could hold an open file descriptor on the PID file before chroot, but I'm not sure it's possible to unlink with just the file descriptor.