Re: [Proftpd-devel] Chroot workarounds

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Sat, Jun 19, 2004 at 02:25:35PM -0700, Mike Mimic wrote:
> --- John Morrissey <jw...@pr...> wrote:
> > Have you had a look at mod_vroot?
> 
> But this would make everything less secure?

That depends. Technically, mod_vroot should provide the same capabilities as
a chroot (nobody can access anything outside of that directory hierarchy),
but a bug in mod_vroot could conceivably allow access outside the virtual
root.

However, allowing access to files outside a chroot is fairly painful, since
your only option is to bind a certain mount to multiple locations in the
filesystem:

http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-Chroot.html

> And how stable is this module?

I haven't used it personally, but TJ does good testing on his software and
has received feature enhancements to mod_vroot, so someone is using it. :-)

john
-- 
John Morrissey          _o            /\         ----  __o
jw...@pr...      _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__