httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kristoffer Andsten" <kristoffer.ands...@lemonplanet.com>
Subject RE: Possible security enhancement to apache server
Date Tue, 26 Jun 2001 06:30:42 GMT
> Hi,
> 
> I would like to discuss with anybody who knows the internals of the
> software the viability of an Apache server change along the 
> following lines.
<snipsnip>

Another way of getting the (semi) same result is forwarding packets in
the kernel (on those OS' that support that kind of behaviour) from low
to high ports. The only drawback is that apache thinks it's running on a
high port and need a (very) minor patch to deal with the situation.. 

(The above mentioned beast is placed in a chroot cage where root is
non-existant. No suid binaries, nothing running as it.. you need to mess
with the kernel to get out, pretty much.)

Not saying one way or the other is The Ideal(C), merely listing
possibilities :-)

> Regards,
> -- Dave Campbell

Kriss

Mime
View raw message