[1954] in WWW Security List Archive

Re: chroot-ed httpd

daemon@ATHENA.MIT.EDU (tauzell@math.umn.edu)
Wed May 1 20:41:22 1996

From: tauzell@math.umn.edu
To: jerryb@howpubs.com (Jerry Busser)
Date: Wed, 1 May 1996 16:33:24 -0500 (CDT)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <199604291748.MAA04845@muns149.munster> from "Jerry Busser" at Apr 29, 96 12:48:48 pm
Errors-To: owner-www-security@ns2.rutgers.edu

> 
> All --
> 
> I'm running NCSA's HTTP daemon, and one of the security measures that they mention but neither support nor especially endorse is running httpd in a chroot-ed environment. My question to everyone is: Is it worth it? To date we do not run our httpd chroot-ed, but I am going to overhaul our Web server in the near future and I'm wondering whether I should consider restructuring the filesystem to make it more hospitable for the chroot-ed daemon.

We run NCSA httpd chrooted on our server.  The main reason was so
that students could write CGI programs.  How much extra security it
gives us is hard to say, but it can't hurt.  I am now trying to 
install NCSA httpd 1.5.1 on Solaris and run it chrooted, but am having
problems.  Anyone out there done this?  Specifically, it can't create
sockets for the children.


---
David Tauzell         Math Dept. Systems Staff
Office  Phone: 625-4895
