Mantis Bugtracker
  

Viewing Issue Advanced Details
ID: 0002426
Category: [Resin]
Severity: minor
Reproducibility: always
Date Submitted: 02-11-08 16:57
Last Update: 03-05-08 14:23
Reporter: ferg
View Status: public
Assigned To: ferg
Priority: normal
Resolution: fixed
Platform:
Status: closed
OS:
Projection: none
OS Version:
ETA: none
Fixed in Version: 3.1.6
Product Version: 3.1.4
Product Build:
Summary: 0002426: add chroot
Description: for security
Steps To Reproduce:
Additional Information:
Attached Files:

- Relationships

- Notes
(0002780)
norlab
02-14-08 20:11

Hi Scott,

1.) Will this bug be for chroot for the host/webapp/server? Will it be a way to prevent JRE from accessing server wide resources similar to chroot'ing the entire application?

2.) If possible I would request to have it be effective at the host level.

3.) Will this be available in 3.1.5?

Always impressed and grateful for the Caucho Team.

and thanks.
 
(0002781)
ferg
02-14-08 20:24

See http://caucho.com/resin/doc/resin-watchdog.xtp and look at the ISP section, particularly the <watchdog-manager> section.

It would be a true chroot, not a virtual one, at the <watchdog> level, something like:

<resin ...>
  <watchdog-manager>
    <watchdog id="user1">
      <chroot>/var/host1</chroot>

      <user-name>user1</user-name>
      <group-name>group1</group-name>

      <resin-home>resin</resin-home>
      <resin-conf>conf/resin.conf</resin-conf>

      <open-port address="host1.com" port="80"/>
    </watchdog>
  </watchdog-manager>
</resin>

chrooting is pretty severe. You need to add a copy of the JDK and Resin and stuff like /etc/resolv.conf if the application uses it.

If the application binds to port 80 or 8080 it would need its own IP, although you could set up a Resin load balancer on a web-tier and dispatch to different chrooted virtual hosts.

Unfortunately, 3.1.5 might not be possible. (Depending... it might be easier to implement than it would be to document or configure. The complication is all on the administrator's end.)
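
A preflight check an administrator could run on the directory named in <chroot> before starting the watchdog, covering the files note 0002781 says must be copied in. This is an added example, not part of the original thread or Caucho's code; it assumes resin-home is resolved against the chroot root, resin-conf against resin-home, and that the JDK copy lives in a directory named "jdk" (all three are assumptions, as is the function name check_chroot).

```shell
#!/bin/sh
# Preflight check for a chroot tree such as <chroot>/var/host1</chroot>.
# Assumptions (not taken from Resin's documentation): resin-home is relative
# to the chroot root, resin-conf is relative to resin-home, JDK copy is "jdk".
#
# Usage: check_chroot /var/host1 resin conf/resin.conf [jdk-dir]
# Prints one line per problem; returns 0 if the tree looks usable, else 1.
check_chroot() {
  [ -d "$1" ] || { echo "no such chroot directory: $1"; return 1; }
  root=$(readlink -f "$1")
  home=$2 conf=$3 jdk=${4:-jdk}
  bad=0

  for rel in "$home" "$home/$conf" "$jdk/bin/java" etc/resolv.conf; do
    path="$root/$rel"
    if [ ! -e "$path" ]; then
      echo "missing: /$rel"; bad=1; continue
    fi
    # After chroot(2) nothing outside $root is reachable, so a path that
    # resolves through symlinks to the host file system would be dangling.
    real=$(readlink -f "$path")
    case "$real" in
      "$root"/*) ;;
      *) echo "escapes chroot: /$rel -> $real"; bad=1 ;;
    esac
  done

  # Any local user could alter the top level of a world-writable jail.
  if [ -n "$(find "$root" -maxdepth 0 -perm -0002)" ]; then
    echo "world-writable chroot root: $root"; bad=1
  fi
  return $bad
}
```

The check only catches symlinks that resolve outside the tree on the host; an absolute symlink whose target is written with the host prefix (for example one pointing at /var/host1/...) still needs a manual look, because inside the jail that prefix no longer exists.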
 
(0002783)
norlab
02-15-08 14:45

Hi Scott,

So, for lack of a better term, this would end up being a virtualized instance? The install would be with separate JRE files, resin app, etc? However sharing the same OS?

We would run a load balancer to distribute to the backend JVMs or backend virtual instances. We would also start each host instance with a separate JVM and hence different chroot location.

If unable to roll this out with 3.1.5, we will start with using the new securitymanager changes and monitor server performance. However, as you suggested I think a better way is with chroot and separate JVM instances.

This does seem like a great feature once completed and a real good move in helping to make the ISP environment more secure. And once again thanks, tons of thanks for providing a great product.
 

- Issue History
Date Modified Username Field Change
02-11-08 16:57 ferg New Issue
02-14-08 20:11 norlab Note Added: 0002780
02-14-08 20:24 ferg Note Added: 0002781
02-15-08 14:45 norlab Note Added: 0002783
03-05-08 14:23 ferg Assigned To  => ferg
03-05-08 14:23 ferg Status new => closed
03-05-08 14:23 ferg Resolution open => fixed
03-05-08 14:23 ferg Fixed in Version  => 3.1.6

