Hello, I would like to see some opinions on chrooting:

1) How big are the possible risks of a hardened Gentoo system compromise if Apache is run normally, and therefore how big is the need for chrooting?

2) Suppose I chroot Apache: what chances does it still have to harm something in the outside OS? My knowledge about various system capabilities, network, etc. is too little, so enlighten me... And how big is an Apache chroot?

And by the way, how big are the risks of sshd and ntpd opening up a way into the hardened Gentoo system? Can that recent ntp GLSA be ignored if it's hardened with memory protections?

Jan