节点-防止子进程进入父目录 [英] Node - Prevent child process from going in to parent directory

问题描述

我正在从节点服务器中生成一个进程，该进程位于 / tmp / running / username （这是用户上传的节点进程）中

I am spawning a process from my node server, that is in /tmp/running/username (it is a node process uploaded by the user)

如何防止它读取（或知道是否存在） / tmp / running / username 以外的内容？

how do I prevent it from reading (or knowing of the existence of) anything other than /tmp/running/username?

我可以以任何必需的方式生成该过程。

I can spawn the process in any required way.

推荐答案

您可以将进程作为 chroot 的参数生成，这将更改您进程的根目录：

You could spawn the process as an argument for chroot, which will change the root directory for your process:

spawn('chroot', ['/tmp/running/username', 'yourprocess', 'arg1', ...]);

另一种方法是使用 chroot node-posix 模块中的函数（但要防止生成您的Node进程）外部程序也不会被chroot，您可能需要先进行派生并从子进程中调用chroot。）

An alternative would be to use the chroot function from the node-posix module (but to prevent the Node process from which you spawn your external program from being chrooted as well, you may need to fork first and call chroot from the child process).

这篇关于节点-防止子进程进入父目录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！