httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Gearls <nickgea...@gmail.com>
Subject Re: High security
Date Tue, 06 May 2008 13:27:09 GMT
Just a little adding: by adding "LoadFile libgcc_s.so.1" in httpd.conf, 
I don't have any more file in the chroot (except "htdocs" if not in pure 
proxy mode).

This feature is really great !
Any reason to not include it ?

Regards,

Nick


Nick Gearls wrote:
> I'm running the patch for one week on a production server, and it works 
> perfectly (http://svn.apache.org/viewvc?view=rev&revision=611483).
> When using Apache as a reverse proxy, the chroot environment is totally 
> empty (except libgcc_s.so.1).
> 
> Could we include this in next build ?
> As it is very limited (basically 3 basic function calls plus the 
> logging), it is trivial to review.
> 
> +1
> 
> Regards,
> 
> Nick
> 
> 
> [... discussion about chroot effectiveness and letting the final choice 
> to the user to use it or not ...]
> 

Mime
View raw message