Best way to chroot jail this web script / daemon?
I have to bind a service to a port less than 1024, and thus, the service must be run as root. (Flash Policy / File Security service.)
I've never set up a service like this before, let alone one that faces the public, so I'm paranoid about it running as root.
It's a PHP script, sending XML and a payload of data from what I can tell. Nothing fancy, but Flash clients need it in place to authorize a direct socket connection to another process the server is running. (Note: that means it runs as a standalone script, not by a PHP handler via Apache or the like.)
What would be the most sane way to manage this?
chroot jail? If so, how? (And would a compromised root process be able to break out of said jail?)
Any advice would be great.
Last edited by medicMe; 05-07-2014 at 01:12 PM.