httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: High security
Date Tue, 06 May 2008 13:38:02 GMT

On May 6, 2008, at 3:27 PM, Nick Gearls wrote:

> Just a little adding: by adding "LoadFile libgcc_s.so.1" in  
> httpd.conf, I don't have any more file in the chroot (except  
> "htdocs" if not in pure proxy mode).

Is there a patch for the docs as well ? Including above trick ?

>
>
> Nick Gearls wrote:
>> I'm running the patch for one week on a production server, and it  
>> works perfectly (http://svn.apache.org/viewvc?view=rev&revision=611483 
>> ).
>> When using Apache as a reverse proxy, the chroot environment is  
>> totally empty (except libgcc_s.so.1).
>> Could we include this in next build ?
>> As it is very limited (basically 3 basic function calls plus the  
>> logging), it is trivial to review.
>> +1
>> Regards,
>> Nick
>> [... discussion about chroot effectiveness and letting the final  
>> choice to the user to use it or not ...]


Mime
View raw message