Applications that allow something like
can escape a chroot jail.
There is a PAM configuration file in /etc/security called chroot.conf. It may make a chroot jail more secure since it involves PAM. I don't know.
We have to remember that the chroot utility was not created as a security device. It was created for programmers to create a test environment for their software. Therefore it is not necessarily very secure unless the account that you have chroot jailed is unable to do the kind of thing that I listed above. That's why vsftpd is more secure than ftpd.
This was, and may still be, a concern for web server administrators because you might allow someone to put a URL such as
Code:
www.my.place/../../../
You may be able to configure Apache to prevent this. I'm sure that you can configure Apache to not allow file lists to be displayed to web clients.
Just something to think about.