Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a program that may be compromised, but needs root rights initially. Currently, the program chroots into a preconfigured directory and then drops the privileges.
However, I would like to prevent my program from accessing the filesystem at all after it has dropped the root privileges, and if possible not require any configuration. Is there a better way than creating a temporary directory in /tmp and chrooting into it?
I ended up chrooting into a temporary directory (in my case,
/var/run/programname) and dropping privileges thereafter. This offers adequate protection, and does not require any complicated installation. On the downside, it requires my program to be running as superuser in the first place.