On Mon, 27 Jan 2003 08:48:58 -0600, Ben Siders <[EMAIL PROTECTED]> wrote:

> I installed OpenBSD's Apache but the default configuration is that httpd 
> runs chroot'd to /var/www for security.  This is fine, except that for 
> the life of me, I cannot get my Perl CGI scripts to run.  I've tried 
> linking /usr/bin/perl into /var/www but that doesn't work because of the 
> chroot, I tried making a copy of the Perl interpreter and changing my 
> scripts to reference them, and that didn't work.  How the heck are we 
> supposed to run any CGI then?  The BSD purists are telling me it's a 
> security thing, and that's fine, I want a secure machine.  But what good 
> is a secure machine that can't do anything?  I really am trying to be a 
> good admin and not run httpd with -u to remove the chroot, but if 
> there's no way to run a Perl interpreter with the chroot on, it'll have 
> to go.  It does me no good to run a really secure web server that can't 
> serve anything but html files.
> 

Theoretically you could install a local version of Perl to the chroot environment. 
That way the rest of the system does not (theoretically) access your chroot'd Perl, 
and your chroot'd environment has its own "secure" version of Perl. Naturally this is 
a pain in the ass... but then again, you did want security, didn't you?  Locking the 
deadbolt is a pain in the ass, but it might keep someone from breaking into your 
house; then again, there are always the windows... so I guess it is up to you how much 
security is enough.  This is also going to hinder to some extent the options you have 
within Perl, I would think: for instance, any XS libs are going to have to have a local 
copy of the C libs they use, any command-line calls you make using system/backticks 
are going to have to be locally available, etc.

Unless there is some way to bypass the chroot, which would, it seems, defeat the purpose 
of it.

http://danconia.org

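As an added example (not from either poster, and not an OpenBSD or Apache script), the following POSIX sh functions do the mechanical part of what the reply describes: copy a dynamically linked binary plus every shared library it needs into the chroot, preserving absolute paths so that /var/www/usr/bin/perl is seen as /usr/bin/perl once httpd has chrooted, and then check that nothing is still missing. It assumes an `ldd` whose output lists dependencies as absolute paths (true of OpenBSD's table layout and of GNU/musl `ldd`); a statically linked binary yields no dependencies and only the binary itself is copied. The chroot path and binary name are arguments, not hard-coded.

```shell
#!/bin/sh
# Added example: populate a chroot with a binary and its shared libraries.
# Assumption: `ldd` prints each dependency as an absolute path token.
set -eu

# list_deps BINARY: print the absolute paths of the shared objects BINARY
# depends on, one per line. Prints nothing if ldd is missing or the binary
# is statically linked (ldd then exits non-zero and matches no paths).
list_deps() {
    bin=$1
    command -v ldd >/dev/null 2>&1 || return 0
    ldd "$bin" 2>/dev/null | tr -s ' \t' '\n' | grep '^/' | grep -v "^$bin" | sort -u
}

# install_into_chroot CHROOT BINARY: copy BINARY and its libraries under
# CHROOT at the same absolute paths they have outside it. cp dereferences
# symlinks, so the jail gets real files rather than links that point outside
# the chroot (which is why a plain symlink to /usr/bin/perl cannot work).
install_into_chroot() {
    root=$1
    bin=$2
    [ -r "$bin" ] || { echo "cannot read: $bin" >&2; return 1; }
    for f in "$bin" $(list_deps "$bin"); do
        mkdir -p "$root$(dirname "$f")"
        cp -p "$f" "$root$f"
    done
}

# chroot_complete CHROOT BINARY: exit 0 if BINARY and all its libraries are
# present under CHROOT, otherwise list what is missing and exit 1. Run this
# after copying to catch a library the copy step did not catch.
chroot_complete() {
    root=$1
    bin=$2
    ok=0
    for f in "$bin" $(list_deps "$bin"); do
        if [ ! -e "$root$f" ]; then
            echo "missing in $root: $f" >&2
            ok=1
        fi
    done
    return $ok
}

# Usage: sh thisscript.sh /var/www /usr/bin/perl
if [ $# -eq 2 ]; then
    install_into_chroot "$1" "$2"
    chroot_complete "$1" "$2"
fi
```

The same two functions apply to the reply's other caveats: run them on each XS module's `.so` file (ldd works on shared objects too) and on any helper program a script invokes through system() or backticks, since those must also live inside the jail. Pure-Perl modules have no library dependencies and can simply be copied into the chroot at their normal `@INC` location. Re-run `chroot_complete` after every system upgrade, because a library version bump outside the jail silently leaves the copy inside it stale.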