httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John" <isofr...@cc.uoi.gr>
Subject Re: [users@httpd] Problem Starting Apache Chrooted
Date Thu, 03 Mar 2005 08:14:24 GMT
I suppose you mean the actuall chroot and not mod_chroot or mod_security
(???)


Let me ask you something.
If an apache version is vulnerable, anbd someone using a script or something
manage to install a backdoor on the server (let say /tmp, that means
/chroot/tmp)
Could he install it and then open the port?

Give me some more advantages on actuall chroot.


Thanks in advance.


----- Original Message ----- 
From: "Farid Izem" <farid.izem@gmail.com>
To: <users@httpd.apache.org>
Sent: Wednesday, March 02, 2005 7:45 PM
Subject: Re: [users@httpd] Problem Starting Apache Chrooted


> Didn't look at the security issues as i trying to understand the
> chroot mecanism
> Not only for Apache but also for Squid and bind !
>
> I think this module can increase the security in the near future !
>
> Kind Regards,
>
> Farid.
>
>
> On Wed, 2 Mar 2005 15:21:22 +0200, John <isofroni@cc.uoi.gr> wrote:
> > Ok, but if you look in the bugs history then you will find that
mod_security
> > has been suffering
> > from various security problems.
> >
> > I have heard that it is a good module for chroot and other security
> > hardening.
> >
> >
> > ----- Original Message -----
> > From: "Farid Izem" <farid.izem@gmail.com>
> > To: <users@httpd.apache.org>
> > Sent: Wednesday, March 02, 2005 10:33 AM
> > Subject: Re: [users@httpd] Problem Starting Apache Chrooted
> >
> > > Yes, i said Mod_security not mod_chroot :
> > > Take a look at :
> > >
> > http://www.modsecurity.org/documentation/apache-internal-chroot.html
> > >
> > > Best Regards,
> > >
> > > Farid.
> > >
> > > On Tue, 1 Mar 2005 20:53:39 +0200, John <isofroni@cc.uoi.gr> wrote:
> > > > ----- Original Message -----
> > > > From: "Farid Izem" <farid.izem@gmail.com>
> > > > To: <users@httpd.apache.org>
> > > > Sent: Tuesday, March 01, 2005 7:39 PM
> > > > Subject: Re: [users@httpd] Problem Starting Apache Chrooted
> > > >
> > > > > Not yet thinking on !
> > > > > I compiled my apache from the lastest source before chrooting it.
> > > > > Maybe using a shell script using ldd command may be the first way
to
> > look
> > > > at.
> > > > > Using rpm httpd file and mod_security is the easiest solution to
> > upgrade
> > > > > Because mod_security provide a simple solution to chroot easily
> > apache.
> > > > > There are some limits to this mecanism but maybe i could be
enought
> > for
> > > > you.
> > > > >
> > > > > Any ideas on are welcome !
> > > > >
> > > > > Kind Regards,
> > > > >
> > > > > Farid
> > > > >
> > > > >
> > > >
> > > > mod_security or mod_chroot ?
> > > > mod_chroot is mote focused on chrooting apache's process i think.
> > > >
> > > > What are the limitions you mentioned on this mechanism?
> > > >
> > >
> ---------------------------------------------------------------------
> > > > The official User-To-User support forum of the Apache HTTP Server
> > Project.
> > > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > > For additional commands, e-mail: users-help@httpd.apache.org
> > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server
Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message