Out-of-chroot pidfile handling?
Is it possible to handle PID files out of a chroot? This may be beyond darkhttpd in general, but it'd be kind of a cool thing to support.
We could hold an open file descriptor on the PID file before chroot, but I'm not sure it's possible to unlink with just the file descriptor.
You could open a file descriptor for the parent directory of the pidfile before chroot and then use unlinkat.
I'm not sure if this is a good idea security-wise. IIUC you can subvert a chroot by chdiring to the outside of it, i.e. using that open fd.
That's an interesting idea. I'll have to think on that.
I think doing this might be a bit over the top. Is there other software that does this, and evaluated the security aspects of doing so?
It might be, for sure. Not as far as I know, but there could be some. More of a thought. I can close this out if you like.
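The approach suggested in the thread (open the pidfile's parent directory before chroot, then remove the file with unlinkat), written out as an added example that is not darkhttpd's code. The helper names, `/tmp`, `/var/empty` and `example.pid` are assumptions chosen for illustration.

```c
/* Added example (not darkhttpd code): remove a pidfile after chroot() through
 * a directory fd opened beforehand. Paths and helper names are hypothetical. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the pidfile's parent directory; call this before chroot(). */
int pidfile_open_dir(const char *dir) {
    return open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

/* Only a bare file name is accepted, so the fd is never used to traverse. */
static int name_ok(const char *name) {
    return name[0] != '\0' && strchr(name, '/') == NULL
        && strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Create the pidfile relative to dirfd; fails if it exists or is a symlink. */
int pidfile_write(int dirfd, const char *name, long pid) {
    if (!name_ok(name)) return -1;
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0) return -1;
    int ok = dprintf(fd, "%ld\n", pid) > 0;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Works after chroot(): the name is resolved relative to dirfd, not to "/". */
int pidfile_remove(int dirfd, const char *name) {
    if (!name_ok(name)) return -1;
    return unlinkat(dirfd, name, 0);
}

int main(void) {
    int dirfd = pidfile_open_dir("/tmp");          /* hypothetical pidfile dir */
    if (dirfd < 0 || pidfile_write(dirfd, "example.pid", (long)getpid()) != 0)
        return 1;
    /* chroot() needs root; unprivileged, this still shows the fd-relative unlink. */
    if (geteuid() == 0 && (chroot("/var/empty") != 0 || chdir("/") != 0))
        return 1;                                  /* hypothetical chroot dir */
    /* Caveat from the thread: fchdir(dirfd) here would leave the chroot, so
     * the fd must stay private and be closed as soon as the file is removed. */
    int rc = pidfile_remove(dirfd, "example.pid");
    close(dirfd);
    return rc == 0 ? 0 : 1;
}
```

O_CLOEXEC keeps the directory descriptor from being inherited across exec, but any code running inside the process can still reach it, which is the trade-off raised above.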