Thanks for the help. If it's not too much trouble, can someone try mediawiki on a chrooted apache with Latex? That way, we can compare results.
Thanks, Vivek On Tue, Feb 17, 2009 at 11:16 AM, Nick Holland <n...@holland-consulting.net> wrote: > Vivek Ayer wrote: >> Hi guys, >> >> Because I believe OpenBSD's apache is chrooted, it's causing problems >> with texvc parsing stuff. > > then run it with a -u... > > There are things that should be chrooted, and there are things that are > more trouble than they are worth to chroot. I think your project falls > in the later category. > > Don't think about getting something working, think about KEEPING it > working over the life span of the project...updates to the OS and apps > every six months...more often if critical bugs are found. > > http://www.openbsd.org/faq/faq10.html#httpdchroot > "...the starting configuration of the OpenBSD chroot(2)ed Apache is > where the user the httpd(8) program is running as can not run any > programs, can not alter any files, and can not assume another user's > identity. Loosen these restrictions, you have lessened your security, > chroot or no chroot." > > Your wiki server CAN run programs (probably lots of them), CAN alter > files. And, once you get all the pieces working...you will have to do > it again every six months, but you probably won't, because it is too > much work, so you will have a LESS secure system than an easy-to- > maintain, "untrusted" wiki server. > > remember: the chroot is not the goal, a secure and maintainable web > server is the goal. chroot is just one tool to achive that, and it > is not universally applicable. > > Nick.
