httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 43596] Chroot patch
Date Tue, 09 Sep 2008 12:34:25 GMT

--- Comment #8 from Bj <>  2008-09-09 05:34:24 PST ---
Please read the whole story. It is about being able to escape from chroot as
root. Even Alan Cox himself tells us that it is only about this. As a normal
user you do not have the right to use chroot at all. That is why using chroot
in combination with a non-privileged user is and will ever be a security

Why do so many server applications support chroot? Do you think they have
implemented support for chroot because it is only a "nice to have"-feature?

Many people use third-party PHP projects (like phpBB). Some of them have
security flaws that could be prevented by using chroot. This would e.g. stop
the spread of worms.
Using chroot, it is not possible for an attacker to get any kind of remote shell
access, because there is simply no shell in the chroot tree.

Of course, using chroot is not an excuse for not updating your software. But,
just as e.g. grsec is not an excuse either, it is a method to give the system
administrators time to update their software by preventing security flaws from
being exploited.
