Subject: Re: chroot jail for ftpd
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Jason R Thorpe <>
List: tech-kern
Date: 10/18/2001 15:22:36
On Thu, Oct 18, 2001 at 03:11:26PM -0700, Jonathan Stone wrote:

 > I was acutlally wondering about hacking ld.{elf_}so  -- or wherever
 > LD_PRELOAD and LD_LIBRARY_PATH are acutally implemented; <dlfcn.h>? --
 > to check each element of a path and check for crossing over mountpoints
 > which are mounted noexec, and skipping those search-paths altogether.
 > Not to close the security loophole -- we agree on the right place for
 > that -- but to give cleaner semantics to anyone fishing for loopholes.

...except you wouldn't want to do that... because a perfectly legitimate
configuration might be to have a "noexec" /u1/ftp and a nullfs r/o mounted
on /u1/ftp/bin that has some executables in it that the FTP server is
allowed to run (just as an example).

        -- Jason R. Thorpe <>