On 4 Feb 2006, at 20:38, veins wrote: >>> I would think php, but this doesn't explain it unless you turned the >>> chroot off. >> >> Due to historical reasons, we're not running apache chrooted. >> This is why they're in /tmp rather than /var/www/tmp, or any >> other place. > > historical ?
There are sites on this machine that we've had since 2000, and that were running on various insecure os' from there before we made the move to OpenBSD. I suspect that it would be a medium/large sized task to make these sites work under chroot, as well as reorganise the user home folders to fit in with this. On the other hand, getting my server pwn3d (again) is even more of a ballache. Time to book in some configuration time... Gaby -- Junkets for bunterish lickspittles since 1998! http://vanhegan.net/sudoku/ http://weblog.vanhegan.net/
