Re: security: fully blown chroot environment vs chrootdir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Just a thought recommended to me by RedHat last year.

Run SELinux :
SELinux can enforce the access rights of every user, application, process, and file
within a Red Hat system to a degree previously unavailable in enterprise operating
systems. It ensures that any application behaves as intended with very low
performance overhead. (For more Information, see Red Hat Enterprise Linux Security
Series: SELinux)

Link: http://www.redhat.com/f/pdf/RHEL_Security_WP_web.pdf
Cdlt, Dave
--------
YBA wrote:
Hello,

I was running apache for a number of years using fully blown chroot environment, mostly on RHEL (using "chroot" binary as a base). Recently, I have faced a requirement to wrap it up into rpm, which is not an easy task, considering all up to date libs, dependencies, etc.

As chrootdir directive seems to appeared only in 2.2.9 (?), part of mod_unixd, my question is how one could compare it to fully blown chroot environment, looking at it from security point of view. Would that be the same or are there any drawbacks on "chrootdir" side?

Also, I used to see information about mod_chroot, module, but this seem to disappeared at some point. I believe this module is not maintained any more for this purpose (at least google does not seem to know about it any more)?

All comments on this would be most appreciated.

Cheers.

S.


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux