On Fri 25 Jan 2008, Nick Kew wrote: > > A > > compromise might be to create a chroot hook and allow module > > developers to use it. This would shift the support burden somewhat > > from the core Apache team to those willing to engage the users > > providing support. > > Isn't that basically the status quo (mod_security presumably hooks it > in at post_config?)
Sometimes I have missed a ChildPrivilegedInit hook that is run between fork() and dropping privileges in the worker. That would be the right place to chroot() I think. Torsten