On Wed, 2005-12-14 at 23:38 +0100, viq wrote: > On Wednesday 14 December 2005 23:15, James Strandboge wrote: > > > systrace could provide an effective jail for firefox. 'man systrace'. > > Yes, it was mentioned, and it sounds like a good idea. > > While we're at systrace, I was wondering - could systrace reduce the risks > associated with running apache with PHP?
Default apache is already chrooted, so systracing it won't be as much of a win as systracing processes not in a chroot. That said, you can definitely add another layer and protect your apache chroot area by systracing it, sure. chrooting and/or systracing every internet facing server is not a bad idea at all. Jamie
