httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: High security
Date Tue, 06 May 2008 14:20:10 GMT

On May 6, 2008, at 4:12 PM, Nick Gearls wrote:
> If there's a chance to add it, I'm ready to write the doc patch

Lets get that in there - and then lets (or I'll) backport it - so it  
goes into the next release.

> Dirk-Willem van Gulik wrote:
>> On May 6, 2008, at 3:27 PM, Nick Gearls wrote:
>>> Just a little adding: by adding "LoadFile libgcc_s.so.1" in  
>>> httpd.conf, I don't have any more file in the chroot (except  
>>> "htdocs" if not in pure proxy mode).
>> Is there a patch for the docs as well ? Including above trick ?
>>>
>>>
>>> Nick Gearls wrote:
>>>> I'm running the patch for one week on a production server, and it  
>>>> works perfectly (http://svn.apache.org/viewvc?view=rev&revision=611483

>>>> ).
>>>> When using Apache as a reverse proxy, the chroot environment is  
>>>> totally empty (except libgcc_s.so.1).
>>>> Could we include this in next build ?
>>>> As it is very limited (basically 3 basic function calls plus the  
>>>> logging), it is trivial to review.
>>>> +1
>>>> Regards,
>>>> Nick
>>>> [... discussion about chroot effectiveness and letting the final  
>>>> choice to the user to use it or not ...]


Dw.

Mime
View raw message