On 18 January 2013 16:31, Zachary Stern <zs@xxxxxxxxxxxxxxxxx> wrote:
> I wanted to get some opinions - do you folks think running httpd in a
> chroot jail is necessary on a server that only does httpd-serving and
> nothing else?

A chroot jail prevents a hacker from accessing anything you don't put in the jail. If you make everything read-only inside the jail, a hacker would be hard-pressed to mess things up, and would only be able to copy what is in the jail.

Definitely don't put writable /dev/sd* device files in the jail, or expect your hard drive to get corrupted. Hopefully you block outgoing connections and/or don't leave a copy of netcat or telnet in there, so they can't use your machine as a jumping-off point to hack someone else, or spew spam to the world. I think users can even use bash to connect to TCP ports on the net, so there's another thing to block.

Cheers!
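
An added example, not part of the original post: a POSIX shell check of a chroot tree against the points raised in the reply (contents not writable, no disk device nodes, no netcat/telnet/bash left inside). The function name `audit_jail`, the output labels and the jail path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a chroot tree for the issues named in the post.
# Usage (hypothetical path): sh audit_jail.sh /srv/httpd-jail
# Prints one finding per line as "KIND path".
# Return status: 0 = no findings, 1 = findings, 2 = bad argument.

audit_jail() {
    jail=$1
    if [ ! -d "$jail" ]; then
        echo "ERROR not a directory: $jail" >&2
        return 2
    fi

    findings=$(
        # Files or directories writable by group or other: the jail is
        # not read-only for whoever ends up running code inside it.
        find "$jail" \( -type f -o -type d \) \
            \( -perm -020 -o -perm -002 \) -print | sed 's/^/WRITABLE /'

        # Block device nodes such as /dev/sd* expose the raw disk.
        find "$jail" -type b -print | sed 's/^/DEVICE /'

        # Programs able to open outbound TCP connections. bash is listed
        # because of its /dev/tcp redirection, which the post alludes to.
        find "$jail" \( -type f -o -type l \) \
            \( -name nc -o -name ncat -o -name netcat \
               -o -name telnet -o -name bash \) -print | sed 's/^/NETTOOL /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run the audit when a jail path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_jail "$1"
fi
```

The check covers only what is inside the tree; blocking outgoing connections, as the post suggests, is a firewall rule on the host and is not tested here.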