-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Out-of-chroot pidfile handling? #69
Comments
You could open a file descriptor for the parent directory of the pidfile before I'm not sure if this is a good idea security-wise. IIUC you can subvert a |
That's an interesting idea. I'll have to think on that. |
I think doing this might be a bit over the top. Is there other software that does this, and evaluated the security aspects of doing so? |
It might be, for sure. Not as far as I know, but there could be some. More of a thought. I can close this out if you like. |
Is it possible to handle PID files out of a chroot? This may be beyond darkhttpd in general, but it'd be kind of a cool thing to support.
We could hold an open file descriptor on the PID file before chroot, but I'm not sure it's possible to unlink with just the file descriptor.
The text was updated successfully, but these errors were encountered: