On Mon, 20 Aug 2001, Jeroen van Wolffelaar wrote:
> > > As I read it in CVS, chroot() will work even in safe-mode. Isn't this a
> > > bad idea(tm), or am I wrong?
> > > If users can chroot in safe-mode, Apache won't serve any more pages
> > > after all children have been chrooted to an empty dir?
> >
> > uhm, where have you read that? [ curious ]
>
>
> I just reasoned what could happen. if you chroot a child, I couldn't see a
> reason why it'd get respawned (since it doesn't die), but it will become a
> useless child, I guessed.
It will be useless indeed, as the filesystem root of it has been changed
then.
>
> > nope, cause it will run as apache user, and you have to be root to
> > chroot().
>
> I believe there are webservers which are run as root, or not? If that is the
> case, chroot should be disabled in safe-mode IMHO, or better, disabled in
> webserver envirment.
If your sysadm runs a webserver as root, you should fire him IMO.
>
> Currently the docs say that it is not *wise* to use it in webserver-env, not
> that is impossible. That's why I questioned safe-mode restrictions here.
yeah, right... I think it should only work in plain CGI mode, with no CGI
things in it (force-cgi-redirect) or other stuff. It simply has no use in
this cases...
Derick
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
