[1953] in WWW Security List Archive


RE: chroot-ed httpd

daemon@ATHENA.MIT.EDU (ramana@eng2.uconn.edu)
Wed May 1 20:21:14 1996

From: ramana@eng2.uconn.edu
Date: Wed, 1 May 1996 17:40:28 -0400 (EDT)
To: Philippe Gresse <pgresse@ifhamy.insa-lyon.fr>
Cc: "www-security@ns2.rutgers.edu" <www-security@ns2.rutgers.edu>
In-Reply-To: <01BB375C.201F6D30@I425-a.resI.insa-lyon.fr>
Errors-To: owner-www-security@ns2.rutgers.edu

There are problems running the daemon in a chroot environment, especially if 
there are a lot of users on the system.

All the directories and files should exist under this directory, with no 
symbolic links outside the root (/ for the chroot-ed directory).
Also, if you are running scripts using perl or sh, then the executables 
and libraries they use should exist in the chroot-ed path.
You might need a copy of the passwd and group files if you want users to 
be able to have html files in their public_html.

ramana


On Wed, 1 May 1996, Philippe Gresse wrote:

> The NCSA server had a bug that allowed people to execute commands remotely.
> Since the 1.5a release, this bug has been fixed.
> But perhaps there are some others... Then a "chroot" is a good precaution...
> 
> 	Philippe
> 
> I'm running NCSA's HTTP daemon, and one of the security measures that they mention but neither support nor especially endorse is running httpd in a chroot-ed environment. My question to everyone is: Is it worth it? To date we do not run our httpd chroot-ed, but I am going to overhaul our Web server in the near future and I'm wondering whether I should consider restructuring the filesystem to make it more hospitable for the chroot-ed daemon.
> 
> What are everyone's thoughts about this? 
> 
> Jerry
> 
> 
> 
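An added example, not part of the original thread: a pre-flight audit of a chroot tree for the requirements listed in the reply above. It resolves every symlink the way a chroot-ed process would (absolute targets restart at the new root, `..` cannot climb above it) and reports links that dangle inside the jail plus required files that are missing. The `REQUIRED` list, the user `alice` and the demo layout are assumptions constructed for illustration.

```python
import os
import tempfile

REQUIRED = ["/etc/passwd", "/etc/group", "/bin/sh"]  # assumed list; adjust per server

def resolve_in_jail(root, jail_path, max_hops=40):
    """Resolve jail_path as a chroot-ed process would; None if it does not exist."""
    pending = [c for c in jail_path.split("/") if c not in ("", ".")]
    done, hops = [], 0              # done = resolved components below the jail root
    while pending:
        comp = pending.pop(0)
        if comp == "..":
            done = done[:-1]        # ".." at the jail root stays at the jail root
            continue
        host = os.path.join(root, *done, comp)
        if os.path.islink(host):
            hops += 1
            if hops > max_hops:     # symlink loop
                return None
            target = os.readlink(host)
            if target.startswith("/"):
                done = []           # absolute targets restart at the jail root
            pending = [c for c in target.split("/") if c not in ("", ".")] + pending
        elif os.path.lexists(host):
            done.append(comp)
        else:
            return None
    return os.path.join(root, *done)

def audit_jail(root, required=REQUIRED):
    """Return sorted (problem, jail_path) pairs for the chroot tree at root."""
    problems = []
    for dirpath, dirnames, filenames in os.walk(root):   # does not follow links
        for name in dirnames + filenames:
            host = os.path.join(dirpath, name)
            jail_path = "/" + os.path.relpath(host, root)
            if os.path.islink(host) and resolve_in_jail(root, jail_path) is None:
                problems.append(("dangling-symlink", jail_path))
    problems += [("missing", p) for p in required if resolve_in_jail(root, p) is None]
    return sorted(problems)

def demo():  # builds a small constructed jail in a temp directory and audits it
    with tempfile.TemporaryDirectory() as root:
        for d in ("etc", "bin", "htdocs"):
            os.makedirs(os.path.join(root, d))
        for f in ("etc/passwd", "bin/sh"):
            open(os.path.join(root, f), "w").close()
        os.symlink("/bin/sh", os.path.join(root, "bin/ksh"))  # resolves inside the jail
        os.symlink("/home/alice/public_html", os.path.join(root, "htdocs/alice"))
        return audit_jail(root)
```

Run `audit_jail()` against the real jail directory before starting the daemon; an empty list means every symlink resolves inside the tree and every required file is present.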

