On Sat 24/07/10 19:41, "Gilles Chehade" gil...@poolp.org wrote: > On Sat, Jul 24, 2010 at 03:53:36PM +0200, Gilles Chehade wrote: > > You dont want to do that... > > > > Mayuresh Kathe <mayur...@ka > the.in> a C)critB : > > > >Has anyone experimented with using a set of > shell scripts as CGI under the > >stock Apache delivered with > > >OpenBSD? > > > > longer answer now that i reached home: > > 1- the goal of the chroot is to prevent apache from accessing things > outside its root directory (/var/www) as a measure to limit for example an > exploit from executing a shell. if you bring the shell inside the chroot ... > you already defeat that. > > 2- shell scripts do not rely on shell builtins, so if you want to use > them inside the chroot you also need to bring all of the commands you plan > to use too. that means a large chunk of /bin and /usr/bin. > > 3- why oh why ?
Thanks for the answer Gilles, as always, very complete :-) about: 3- why oh why ? Because I'm on the verge of running an experiment using OpenBSD. It involves a lot of small files in one big directory. I wanted to use the Unix toolkit rather than using the one big interpreted language (php, ruby) approach. Again, thank you. :-) Best.
