Return-Path: 
 <dev-return-61234-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 42527 invoked from network); 7 May 2008 09:00:52 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 7 May 2008 09:00:52 -0000
Received: (qmail 8804 invoked by uid 500); 7 May 2008 09:00:50 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 8713 invoked by uid 500); 7 May 2008 09:00:50 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 8702 invoked by uid 99); 7 May 2008 09:00:50 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 May 2008 02:00:50 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of nickgearls@gmail.com
 designates 66.249.92.169 as permitted sender)
Received: from [66.249.92.169] (HELO ug-out-1314.google.com) (66.249.92.169)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 May 2008 09:00:04 +0000
Received: by ug-out-1314.google.com with SMTP id a2so120108ugf.27
        for <dev@httpd.apache.org>; Wed, 07 May 2008 02:00:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding;
        bh=fmm6RJcs8tUBpkfTxeNn9gPYBCQya7ZP2D6iUrqIRzk=;
        b=CskAk3+MHBTM5cDnl0uEeM+8GWBHcj1RkjDlBYNqvJHYxANNyGGFhxUmPW/LZ+hFynck2dB3lHITlGdXPrOvDB2KCHmv1A8QyV4ec1j2mX81SnH89z8+SNogWWiBt4rWtrPteHP9Pj9P2EbWjYK87B3b7IyndWoeyw5/nmkPDIg=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding;
        b=XD6QY5QO4i1rcbO/JAbEdhTPudTqdRO1IDhJXO1AheSk/1JaRY6CUzM29V5bxWsxaknDk4Dj7yJNT44PNYB/lyCSf24za7EGgh9f6j5nDOjQGZxqT8/BAnA03/UQ5ypBRQ8EK+jbZ4Li9fCOw57O63g7m90XcZMNzQ0Z8vYIGTk=
Received: by 10.67.29.20 with SMTP id g20mr275809ugj.54.1210150817893;
        Wed, 07 May 2008 02:00:17 -0700 (PDT)
Received: from ?127.0.0.1? ( [217.64.248.146])
        by mx.google.com with ESMTPS id
 b39sm10930009ugf.39.2008.05.07.02.00.15
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Wed, 07 May 2008 02:00:16 -0700 (PDT)
Message-ID: <48216F9E.3060909@gmail.com>
Date: Wed, 07 May 2008 11:00:14 +0200
From: Nick Gearls <nickgearls@gmail.com>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: Re: High security
References: <4798802F.4070308@gmail.com>
 <20080124121627.GA23588@infiltrator.gizzard.com>
 <99EA83DCDE961346AFA9B5EC33FEC08B464143@VF-MBX11.internal.vodafone.com>
 <4798B4FB.8000208@gmail.com> <4798F60D.60001@apache.org>
 <479F420B.7020705@gmail.com> <48205CAD.6080600@gmail.com>
 <EF737DEA-A0F9-4343-B2F6-BEE3208ADF7B@webweaving.org>
 <48206761.3060904@gmail.com>
 <DCEA9235-7147-4997-B147-431BA2368DF1@webweaving.org>
 <99EA83DCDE961346AFA9B5EC33FEC08B9F8247@VF-MBX11.internal.vodafone.com>
 <711DDD86-3434-4CC8-B75A-34D55F64F9E9@webweaving.org>
In-Reply-To: <711DDD86-3434-4CC8-B75A-34D55F64F9E9@webweaving.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-Virus-Checked: Checked by ClamAV on apache.org

I propose to add the following:

In the usage:
All config files, logs, etc. are used by the main process and should 
thus not be stored in the chroot. Only files used by children listeners 
must be present in the chroot.

     <note><title>Content of the chroot</title>
       <p>The following files must be present in the chroot:</p>
       <ul><li>/lib/libgcc_s.so.1 (Linux)</li>
           <li>if bind (DNS) is used: /etc/resolv.conf &amp; 
/lib/libnss_dns.so.2 (Linux)</li>
           <li>if a hosts file is used: /etc/hosts</li>
           <li>if both a hosts file and bind (DNS) are used: 
/etc/hosts.conf</li>
           <li>HTML files (htdocs/ files)</li>
           <li>Temporary files used by modules (ex: ModSecurity temp 
files)</li>
           <li>When using additional modules, other files may be needed</li>
       </ul>
       <p><b>Remark:</b> shared object can also be loaded explicitely
	  in httpd.conf, instead of copying them into the chroot.
	  When using Apache as a reverse proxy, the chroot could thus potentially
	  be totally empty.</p>
     </note>

Regards,

Nick


Dirk-Willem van Gulik wrote:
> 
> On May 6, 2008, at 5:03 PM, Pl�m, R�diger, VF-Group wrote:
>>
>>
>>> -----Urspr�ngliche Nachricht-----
>>> Von: Dirk-Willem van Gulik
>>> Gesendet: Dienstag, 6. Mai 2008 17:00
>>> An: dev@httpd.apache.org
>>> Betreff: Re: High security
>>>
>>>
>>> On May 6, 2008, at 4:12 PM, Nick Gearls wrote:
>>>> If there's a chance to add it, I'm ready to write the doc patch
>>>
>>>
>>> I did below a while ago. May be useful as a start.
>>
>> There is already a documentation in trunk for this:
>>
>> http://svn.apache.org/viewvc?view=rev&revision=639005
> 
> 
> Aye - I edited on top of that version.
> 
> Dw.