that would be a very good point to start, I think. What services can be made running chrooted.
Is there anywhere some good documentation? Why does a major distribution does not support this by default?
Regards Cornelius
T. Ribbrock wrote:
On Wed, Jun 25, 2003 at 12:28:59PM -0500, Ed Wilts wrote:
One of the key differences between IIS and Apache is the way the web[...]
server is started.
On Linux, however, the web server almost always run under a non-privileged[...]
account. If Apache is penetrated, the worst the attacker can do is run
non-privileged code - they may access web server files and world
readable and writable files, but they won't be able to modify your
system binaries nor startups.
Is Apache actually running chrooted under RHL9? If so, an attacker could do even less, as Apache doesn't even have access to the whole file system, as it's running in its own little subset thereof.
OpenBSD for example runs Apache chrooted.
Cheerio,
Thomas
-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
