From: Joao Schim <j.schim@netmaniacs.nl>
To: "Bostjan Skufca (at) domenca.com" <bostjan.skufca@domenca.com>
Cc: linux-admin@vger.kernel.org
Subject: Re: chroot of apache's cgi execution
Date: Mon, 19 Jan 2004 10:45:03 +0100 [thread overview]
Message-ID: <20040119104503.68480edc.j.schim@netmaniacs.nl> (raw)
In-Reply-To: <200401190309.33032.bostjan.skufca@domenca.com>
No, of course it doesn't,
We don't want to run all httpd children as root do we ?
Then the safety level gained with chroot() is lost by the
fact you run as root. chroot() is easily broken by root
anyway, so you end up with a really false sense of security.
Regards,
Joao
On Mon, 19 Jan 2004 03:09:33 +0100
"Bostjan Skufca (at) domenca.com" <bostjan.skufca@domenca.com> wrote:
> it doesn't fit per-vhost requirement
>
> On Saturday 17 of January 2004 13:33, Joao Schim wrote:
> > Maybe this can help you ?
> >
> > http://www.devet.org/apache/chroot/
> >
> > Kind regards,
> >
> > Joao Schim
> >
> > On Sat, 17 Jan 2004 04:45:24 +0100
> >
> > "Bostjan Skufca (at) domenca.com" <bostjan.skufca@domenca.com> wrote:
> > > Hello all,
> > >
> > > can anybody give me some hint about chrooting execution of cgi script
> > > invoked through apache?
> > > I would like to achieve this on per-virtual-host basis so every
> > > virtual host would have different root dir to which it would chroot
> > > execution of it's cgi scripts. If the price is perl installation in
> > > every chroot jail so be it.
> > >
> > > Best regards,
> > >
> > > Bostjan Skufca
> > >
> > > -
> > > To unsubscribe from this list: send the line "unsubscribe
> > > linux-admin" in the body of a message to majordomo@vger.kernel.org
> > > More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> --
> Best regards,
>
> Bostjan Skufca
> system administrator
>
> Domenca d.o.o.
> Phone: +386 4 5835444
> Fax: +386 4 5831999
> http://www.domenca.com
>
>
--
Slurm, n.: The slime that accumulates on the underside of a soap bar when
it sits in the dish too long. -- Rich Hall, "Sniglets"
===========================================================================
Joao Schim telefoon:(+31)40-2649860
fax:(+31)40-2649861
http://www.bowtie.nl
BowTie Technology BV Raiffeisenstraat 7 - 5611 CH Eindhoven
next prev parent reply other threads:[~2004-01-19 9:45 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-17 3:45 chroot of apache's cgi execution Bostjan Skufca (at) domenca.com
2004-01-17 4:27 ` asterr
2004-01-19 2:11 ` Bostjan Skufca (at) domenca.com
2004-01-17 12:33 ` Joao Schim
2004-01-19 2:09 ` Bostjan Skufca (at) domenca.com
2004-01-19 9:45 ` Joao Schim [this message]
2004-01-19 14:02 ` Bostjan Skufca (at) domenca.com
2004-01-20 5:53 ` Glynn Clements
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040119104503.68480edc.j.schim@netmaniacs.nl \
--to=j.schim@netmaniacs.nl \
--cc=bostjan.skufca@domenca.com \
--cc=linux-admin@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).