Or you could run mod_perl Joachim Schipper [EMAIL PROTECTED] wrote: > On Fri, May 26, 2006 at 11:21:54PM +0200, misiu wrote: > > Tony Abernethy schrieb: > > > > >The problem with a changed root is that everything you will ever > > >need to access needs to be inside this changed root. > > >All the libriaries, etc etc --- that's right, another copy. > > > > > >One advantage of OpenBSD is that they actually understand security. > > >(Most that tries to pass for security ... isn't (bluntly)) > > Tanx, > > > > so if I understand it right, I need to copy /var/www/cgi-bin into > > /var/www/htdocs. > > Erm, no. > > Say I write a Perl CGI script. I'd then need to copy /usr/bin/perl into > the chroot (i.e., to /var/www/usr/bin/perl). Of course, perl would fail > to start, as the perl executable is dynamically linked and thus > dependent on quite a few things. > > $ ldd /usr/bin/perl > /usr/bin/perl: > Start End Type Open Ref GrpRef Name > 00000000 00000000 exe 1 0 0 /usr/bin/perl > 02f9c000 22fbd000 rlib 0 1 0 /usr/lib/libperl.so.10.1 > 0d2f4000 2d2fb000 rlib 0 1 0 /usr/lib/libm.so.2.2 > 0acae000 2acb2000 rlib 0 1 0 /usr/lib/libutil.so.11.0 > 03310000 23341000 rlib 0 1 0 /usr/lib/libc.so.39.0 > 0e40f000 0e40f000 rtld 0 1 0 /usr/libexec/ld.so > > This means I'd need to copy the mentioned libraries into /var/www, i.e. > /var/www/usr/lib/libc.so.39.0 and so on. > > Of course, this would run Perl but probably not the script. You most > likely used some modules, and so on. This'd entail copying (parts of) > /usr/libdata/perl5 and/or /usr/local/libdata/perl5 into /var/www. > > Joachim
-- There is no certainty, there is only opportunity