Greg Lopp on Tue, 5 Mar 2002 00:20:09 -0500



Re: security tips - Re: [PLUG] serving webpages from home


On Mon, Mar 04, 2002 at 11:43:01PM -0500, Darxus@chaosreigns.com wrote:
> Chowning is common for a bunch of stuff, and chrooting is common for
> bind/dns, but I am wondering why chrooting apache isn't more common.  I
> guess for the number of people that make user/public_html work as
> http://hostname/~user.  But since I don't, it makes sense for me to chroot
> apache.
It's not just the data files that would have to be put in the
jail, is it?  Wouldn't you also need all of the various libraries
used by httpd?  Chrooting bind is easy because it is far less
extensible than apache.  How many libraries just for
/usr/sbin/apache?  Then how many for the simplest of CGI/shell
scripts?  Throw in mod_perl.  Pretty soon the question seems to
be what can be left out of the chroot jail, rather than what
else needs to go in.




Disclaimer: Haven't tried it myself, just read the ravings of
someone who tried.


Greg
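
The dependency question raised in this message, as an added example that is not part of the original post: a shell sketch that turns `ldd` output into the list of library files a chroot jail must contain. The function names and the sample `ldd` output are constructed for illustration; the library names and paths in the sample are assumptions, not taken from any real system.

```shell
#!/bin/sh
# Added example: enumerate what a chroot jail needs besides the data files.

# Read `ldd` output on stdin; print each library path the jail must contain.
#   libfoo.so.1 => /usr/lib/libfoo.so.1 (0x...)  -> path after "=>"
#   /lib64/ld-linux-x86-64.so.2 (0x...)          -> the dynamic loader itself
#   linux-vdso.so.1 (0x...)                      -> kernel-provided, skipped
#   libbar.so.2 => not found                     -> reported as MISSING:name
ldd_paths() {
    awk '
        $2 == "=>" && $3 == "not" { print "MISSING:" $1; next }
        $2 == "=>" && $3 ~ /^\//  { print $3; next }
        $1 ~ /^\//                { print $1; next }
    ' | LC_ALL=C sort -u
}

# Union of library paths for several binaries (httpd, a CGI interpreter, ...).
# Only run ldd on binaries you trust: some ldd implementations work by
# invoking the program's loader, which can execute code from the file.
jail_manifest() {
    for bin in "$@"; do
        ldd "$bin" 2>/dev/null
    done | ldd_paths
}

# Constructed sample: ldd output for a hypothetical httpd followed by /bin/sh.
sample_ldd() {
    cat <<'EOF'
    linux-vdso.so.1 (0x00007ffc0b5f2000)
    libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007f1a00000000)
    libexpat.so.1 => /lib/x86_64-linux-gnu/libexpat.so.1 (0x00007f1b00000000)
    libperl.so.5 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c00000000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1d00000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c00000000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1d00000000)
EOF
}

# Demo on the constructed sample: shared entries collapse, gaps are flagged.
sample_ldd | ldd_paths
```

On a real host, `jail_manifest /usr/sbin/apache /bin/sh` gives the union for the server and the shell used by CGI scripts; `ldd` does not see modules loaded at run time with `dlopen`, so modules such as mod_perl have to be passed in as additional arguments.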

