I suppose you mean the actuall chroot and not mod_chroot or mod_security (???) Let me ask you something. If an apache version is vulnerable, anbd someone using a script or something manage to install a backdoor on the server (let say /tmp, that means /chroot/tmp) Could he install it and then open the port? Give me some more advantages on actuall chroot. Thanks in advance. ----- Original Message ----- From: "Farid Izem" <farid.izem@xxxxxxxxx> To: <users@xxxxxxxxxxxxxxxx> Sent: Wednesday, March 02, 2005 7:45 PM Subject: Re: [users@httpd] Problem Starting Apache Chrooted > Didn't look at the security issues as i trying to understand the > chroot mecanism > Not only for Apache but also for Squid and bind ! > > I think this module can increase the security in the near future ! > > Kind Regards, > > Farid. > > > On Wed, 2 Mar 2005 15:21:22 +0200, John <isofroni@xxxxxxxxx> wrote: > > Ok, but if you look in the bugs history then you will find that mod_security > > has been suffering > > from various security problems. > > > > I have heard that it is a good module for chroot and other security > > hardening. > > > > > > ----- Original Message ----- > > From: "Farid Izem" <farid.izem@xxxxxxxxx> > > To: <users@xxxxxxxxxxxxxxxx> > > Sent: Wednesday, March 02, 2005 10:33 AM > > Subject: Re: [users@httpd] Problem Starting Apache Chrooted > > > > > Yes, i said Mod_security not mod_chroot : > > > Take a look at : > > > > > http://www.modsecurity.org/documentation/apache-internal-chroot.html > > > > > > Best Regards, > > > > > > Farid. > > > > > > On Tue, 1 Mar 2005 20:53:39 +0200, John <isofroni@xxxxxxxxx> wrote: > > > > ----- Original Message ----- > > > > From: "Farid Izem" <farid.izem@xxxxxxxxx> > > > > To: <users@xxxxxxxxxxxxxxxx> > > > > Sent: Tuesday, March 01, 2005 7:39 PM > > > > Subject: Re: [users@httpd] Problem Starting Apache Chrooted > > > > > > > > > Not yet thinking on ! > > > > > I compiled my apache from the lastest source before chrooting it. > > > > > Maybe using a shell script using ldd command may be the first way to > > look > > > > at. > > > > > Using rpm httpd file and mod_security is the easiest solution to > > upgrade > > > > > Because mod_security provide a simple solution to chroot easily > > apache. > > > > > There are some limits to this mecanism but maybe i could be enought > > for > > > > you. > > > > > > > > > > Any ideas on are welcome ! > > > > > > > > > > Kind Regards, > > > > > > > > > > Farid > > > > > > > > > > > > > > > > > > mod_security or mod_chroot ? > > > > mod_chroot is mote focused on chrooting apache's process i think. > > > > > > > > What are the limitions you mentioned on this mechanism? > > > > > > > > --------------------------------------------------------------------- > > > > The official User-To-User support forum of the Apache HTTP Server > > Project. > > > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > The official User-To-User support forum of the Apache HTTP Server Project. > > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP Server Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|