httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Foertsch <torsten.foert...@gmx.net>
Subject Re: High security
Date Sat, 26 Jan 2008 07:44:17 GMT
On Fri 25 Jan 2008, Nick Kew wrote:
> >  A
> > compromise might be to create a chroot hook and allow module
> > developers to use it. This would shift the support burden somewhat
> > from the core Apache team to those willing to engage the users
> > providing support.
>
> Isn't that basically the status quo (mod_security presumably hooks it
> in at post_config?)

Sometimes I have missed a ChildPrivilegedInit hook that is run between fork() 
and dropping privileges in the worker. That would be the right place to 
chroot() I think.

Torsten

Mime
View raw message