I was just at cansecwest (http://cansecwest.com/) here in Vancouver, and
went to a talk by Crispin Cowan from Novell. He presented AppArmor which
confines the application into a restricted mode (which files it can access
and what it can and cannot do). Unlike jail/chroot AppArmor allows you to
provide different profiles per script, so it might be very useful to ISPs
which need to protect one user from another. It works as a linux security
module (LSM) so there is very little overhead and no need to patch your
kernel.
I haven't used it myself, but I think some of the mod_perl users can
benefit from it. I don't know why Novell folks didn't announce it to this
list.
more info at:
http://www.novell.com/products/apparmor/
http://www.novell.com/documentation/apparmor/
mod_perl is specifically mentioned on page 4 at:
http://www.novell.com/collateral/4821055/4821055.pdf
--
_____________________________________________________________
Stas Bekman mailto:[EMAIL PROTECTED] http://stason.org/
MailChannels: Assured Messaging(TM) http://mailchannels.com/
The "Practical mod_perl" book http://modperlbook.org/
http://perl.apache.org/ http://perl.org/ http://logilune.com/
