On 19 April 2012 11:50, Fabio Pietrosanti (naif) <li...@infosecurity.ch> wrote: > Apache does it with Mod_Security: > http://www.modsecurity.org/documentation/apache-internal-chroot.html > > ProFTPD does it with DefaultRoot: > http://www.proftpd.org/docs/directives/linked/config_ref_DefaultRoot.html
To add another data point, Colin Percival has blogged about how he terminates SSL connections in a jail to mitigate this risk. http://www.daemonology.net/blog/2009-09-28-securing-https.html -tom _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
