httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 42341] New: - chroot patch directly after child creation
Date Sat, 05 May 2007 01:29:20 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42341>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=42341

           Summary: chroot patch directly after child creation
           Product: Apache httpd-2
           Version: 2.2.4
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: csad3962@uibk.ac.at


This patch adds support for chroot. It includes a new configuration directive 
named ChangeServerRoot (the name can be changed of course) which accepts On or 
Off, selecting whether or not to chroot to the directory specified in 
ServerRoot. chroot is called directly before changing to the non-privileged user.
I succeeded in using Subversion and php5 (including loading shared php 
extensions) with this patch. Everything happened as expected.
I had to remove the check for an existing DocumentRoot as the DocumentRoot may 
not exist before chrooting. Additionally the patch will slightly change the 
way paths may be specified. It is necessary to distinguish between files that 
are opened within the child processes (e.g. files to be served to the client) 
and those the root process opens (log files...). The first type of file needs 
to be specified as absolute paths.

I am personally not sure why Apache supports chroot only by using external 
modules and I think that chroot is a security feature that is worth including 
in the core of Apache. Using the configuration directive people may 
choose to use this feature or not. By default, chroot will not be used.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
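
The path distinction described in the report, as an added example that is not part of the bug report or its patch: files opened by the chrooted children are resolved against the new root, while files opened by the root process before the chroot keep their host paths. The helper name `jail_path` and the sample paths are hypothetical, and the code assumes child-side paths are given relative to ServerRoot once it has become `/`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the patch): translate a host path into the
 * path a chrooted child must use once server_root has become "/".
 * Returns 0 on success, -1 if a path is relative, lies outside the jail,
 * contains a ".." component, or does not fit in out. Symlinks are not resolved. */
int jail_path(const char *server_root, const char *host_path,
              char *out, size_t outlen)
{
    size_t rlen = strlen(server_root);

    if (server_root[0] != '/' || host_path[0] != '/')
        return -1;                      /* both must be absolute host paths */
    while (rlen > 1 && server_root[rlen - 1] == '/')
        rlen--;                         /* ignore trailing slashes on the root */
    if (rlen == 1)
        rlen = 0;                       /* root "/" contains every path */
    if (strncmp(host_path, server_root, rlen) != 0)
        return -1;
    /* Component boundary: "/srv/www" must not match "/srv/www-old/...". */
    if (host_path[rlen] != '/' && host_path[rlen] != '\0')
        return -1;
    const char *rest = host_path + rlen;    /* "" or "/..." */
    /* Reject "..": lexically inside the jail, but on the host it may name a
     * file outside it, so the translated path would open a different file. */
    for (const char *p = rest; *p; ) {
        while (*p == '/') p++;
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return -1;
        p += n;
    }
    int w = snprintf(out, outlen, "%s", *rest ? rest : "/");
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    const char *root = "/srv/www";          /* constructed sample ServerRoot */
    const char *samples[] = { "/srv/www/htdocs/index.html", "/srv/www-old/x",
        "/srv/www/../../etc/passwd", "/var/log/httpd/error_log" };
    char buf[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ok = jail_path(root, samples[i], buf, sizeof buf) == 0;
        printf("%-30s -> %s\n", samples[i], ok ? buf : "not reachable from child");
    }
    return 0;
}
```

A path the helper rejects, such as the log file, can only be opened by the root process before the chroot takes effect.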
