"R. M. Lampert" wrote: > > Hi, folks! > > Due to some very unpleasant experience in the company > I'm working at (rootshell attack due to a buffer overflow > intrusion in httpd...) there's a great need with us > to inform thoroughly about changing to a safer environment, > that is LAMP or even better NAMP (NetBSD, Apache ... there > are some very unpalatable truths in the world, indeed!). > > Of topmost interest is building Apache and everything > that is associated with it (particularly MySQL, PHP, Perl) > within a chroot() environment to lock intruders within > this special ,,root directory``. > > Do you know any pointer to chroot()-information that includes > some kind of HOWTO rather than a list of advantages of this > approach?
not to discourage you, but it's pretty well known chroot() is not an ultimate solution for security. it has been in the past rather easy to break out of it. from what i remember you may be better off running freebsd and its jail() (??) function, which is a souped-up chroot(). all i'm trying to say is don't expect chroot() to improve security much; a determined cracker can defeat it (esp. on linux) pretty easily. search BUGTRAQ for the discussions on the latest BIND problems (probably about 6 months ago..), interesting discussions.

nate

--
::: ICQ: 75132336
http://www.aphroland.org/
http://www.linuxpowered.net/
[EMAIL PROTECTED]