Ivan Ristic | 9 Jun 21:27 2003

Chrooting Apache


Hi, I've just added a feature to mod_security (CVS and Apache 1.x
only at the moment) that greatly simplifies the process of
chrooting in some (most?) cases.

Essentially, the chroot call is made from the Apache itself, at the
very end of the initialisation process. The beauty of it is that
Apache performs everything it needs (shared libraries, log files)
before the chroot call and the jail need not contain any of those.

I've written a short article here:
http://www.modsecurity.org/documentation/apache-internal-chroot.html

and the link in CVS is (again, only Apache 1.x):
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/*checkout*/mod-security/mod_security/apache1/mod_security.c?rev=1.4

What I have described works perfectly for me but I am interested
to hear other opinions (or experiences). If you are interested
please give it a try and let me know how you feel.

Bye,
Ivan

-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.

Gmane