LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-21-2006, 05:29 AM   #1
hank43
Member
 
Registered: Nov 2003
Distribution: centos 4.4
Posts: 94

Rep: Reputation: 15
apache chroot gotchas?


I'm doing my first chroot of apache2 on centos 4.4. There are many books/tutorials out there on how to do it. Are there any major 'gotchas' with the procedure? Somthing that could make it worthless if done incorrectly? Any major stumbling blocks?
 
Old 09-21-2006, 11:22 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
Applications that allow something like
Code:
ls ../../../../
can escape a chroot jail.

There is a PAM configuration file in /etc/security called chroot.conf. It may make a chroot jail more secure since it involves PAM. I don't know.

We have to remember that the chroot utility was not created as a security device. It was created for programmers to create a test environment for their software. Therefore it is not necessarily very secure unless the account that you have chroot jailed is unable to do the kind of thing that I listed above. That's why vsftpd is more secure than ftpd.

This was, and may still be, a concern for web server administrators because you might allow someone to put a URL such as
Code:
www.my.place/../../../
You may be able to configure Apache to prevent this. I'm sure that you can configure Apache to not allow file lists to be displayed to web clients.

Just something to think about.

Last edited by stress_junkie; 09-21-2006 at 11:25 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with chroot Apache JoeDuncan Linux - Security 3 09-15-2005 05:31 PM
Chroot Apache nistelrooy Linux - Security 1 06-18-2005 11:18 AM
Failed to chroot apache 1.x dominant Linux - Security 10 11-28-2004 04:00 PM
chroot apache questions gypsy_rabbi Linux - Security 3 11-21-2004 06:12 PM
vsftpd chroot and Apache R4z0r Linux - Networking 1 09-19-2003 02:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:02 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration