[1934] in WWW Security List Archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

chroot-ed httpd

daemon@ATHENA.MIT.EDU (Jerry Busser)
Tue Apr 30 20:59:56 1996

Date: Mon, 29 Apr 1996 12:48:48 -0500
From: jerryb@howpubs.com (Jerry Busser)
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

All --

I'm running NCSA's HTTP daemon, and one of the security measures that they mention but neither support nor especially endorse is running httpd in a chroot-ed environment. My question to everyone is: Is it worth it? To date we do not run our httpd chroot-ed, but I am going to overhaul our Web server in the near future and I'm wondering whether I should consider restructuring the filesystem to make it more hospitable for the chroot-ed daemon.

What are everyone's thoughts about this? 

Jerry


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[1934] in WWW Security List Archive

chroot-ed httpd

daemon@ATHENA.MIT.EDU (Jerry Busser)Tue Apr 30 20:59:56 1996

daemon@ATHENA.MIT.EDU (Jerry Busser)
Tue Apr 30 20:59:56 1996