httpd-users mailing list archives

From SYBA <>
Subject Re: [users@httpd] security: fully blown chroot environment vs chrootdir
Date Wed, 17 Nov 2010 20:18:37 GMT
Thanks for that, Dave. Current environment requirements do not let me use
SELinux, hence I was wondering if there are any more comments on the ChrootDir
directive?



On 17 November 2010 08:37, David (Dave) Donnan <> wrote:

> Just a thought recommended to me by RedHat last year.
> Run SELinux:
> SELinux can enforce the access rights of every user, application, process,
> and file within a Red Hat system to a degree previously unavailable in
> enterprise operating systems. It ensures that any application behaves as
> intended with very low performance overhead. (For more Information, see
> Red Hat Enterprise Linux Security Series: SELinux)
> Link:
> Regards, Dave
> --------
> YBA wrote:
> Hello,
> I was running Apache for a number of years using a fully blown chroot
> environment, mostly on RHEL (using the "chroot" binary as a base). Recently, I
> have faced a requirement to wrap it up into an rpm, which is not an easy task,
> considering all the up-to-date libs, dependencies, etc.
> As the chrootdir directive seems to have appeared only in 2.2.9 (?), as part of
> mod_unixd, my question is how one could compare it to a fully blown chroot
> environment, looking at it from a security point of view. Would that be the
> same or are there any drawbacks on the "chrootdir" side?
> Also, I used to see information about the mod_chroot module, but this seems to
> have disappeared at some point. I believe this module is not maintained any more
> for this purpose (at least Google does not seem to know about it any more)?
> All comments on this would be most appreciated.
> Cheers.
> S.
