On Mon, 02 Jun 2003 at 03:38:21PM -0500, Adam Majer wrote:
> With something like sendmail or apache, it only needs to see a very
> limited part of the file system, so even breaking these will not do
> any real damage.

Don't get too overconfident about chrooting Apache. One Apache process runs as root. This means if there is an exploit that sends arbitrary code across the shared scoreboard it could be run as root and break out of the jail.

However, for the most part, chrooting is a valid countermeasure/method to compartmentalize. It is a shame that no distribution comes with packages natively created with/for chrooting.

--
Phillip Hofmeister
PGP/GPG Key: http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #134: Backbone Scoliosis