[1957] in WWW Security List Archive
Re: chroot-ed httpd
daemon@ATHENA.MIT.EDU (Rolf Weber)
Thu May 2 10:14:43 1996
From: Rolf Weber <weber@iez.com>
To: pgresse@ifhamy.insa-lyon.fr (Philippe Gresse)
Date: Thu, 2 May 1996 13:48:21 +0200 (MESZ)
Cc: jerryb@howpubs.com, www-security@ns2.rutgers.edu
In-Reply-To: <01BB375C.201F6D30@I425-a.resI.insa-lyon.fr> from "Philippe Gresse" at May 1, 96 12:45:45 pm
Errors-To: owner-www-security@ns2.rutgers.edu
>
> The NCSA server had a bug that allowed people to execute commands =
> remotely.
> Since the 1.5a release, this bug has been fixed.
> But perhaps there are some others... Then a "chroot" is a good =
> precaution...
>
yes, there is no reason to run it not chroot'd but thousands to
do it. i did it with my NCSA httpd, it was a work of about 1/2 hour
to copy a few files into the chroot'd directory.
BTW (this may be the main reason for this post :-), are there archives
for this list?
all i found was
http://www-ns.rutgers.edu/www-security/archives/index.html
but it wasn't updated since september last year :-(
(i guess there were postings since than...)
TIA, rolf
--
-----------------------------------------
Rolf Weber <weber@iez.com> | All I ask is a chance
IEZ AG D-64625 Bensheim | to prove that money
++49-6251-1309-113 | can't make me happy.
