httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Gearls <nickgea...@gmail.com>
Subject Re: High security
Date Tue, 06 May 2008 14:12:49 GMT
If there's a chance to add it, I'm ready to write the doc patch

Nick


Dirk-Willem van Gulik wrote:
> 
> On May 6, 2008, at 3:27 PM, Nick Gearls wrote:
> 
>> Just a little adding: by adding "LoadFile libgcc_s.so.1" in 
>> httpd.conf, I don't have any more file in the chroot (except "htdocs" 
>> if not in pure proxy mode).
> 
> Is there a patch for the docs as well ? Including above trick ?
> 
>>
>>
>> Nick Gearls wrote:
>>> I'm running the patch for one week on a production server, and it 
>>> works perfectly (http://svn.apache.org/viewvc?view=rev&revision=611483).
>>> When using Apache as a reverse proxy, the chroot environment is 
>>> totally empty (except libgcc_s.so.1).
>>> Could we include this in next build ?
>>> As it is very limited (basically 3 basic function calls plus the 
>>> logging), it is trivial to review.
>>> +1
>>> Regards,
>>> Nick
>>> [... discussion about chroot effectiveness and letting the final 
>>> choice to the user to use it or not ...]
> 
> 

Mime
View raw message