Re: [mod-security-users] SecChrootDir - RH 8.0, Apache 2.0.40, an d PHP 4.2.2

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

>>  Yes. You didn't say whether you have anything running out of the
>>  cgi-bin? Whatever is in there (if anything) will probably need some
>>  runtime libraries too.
> 
> No, nothing in cgi-bin, but the MySQL access through PHP didn't work.  The
> PHP/MySQL libraries attempted to locate the MySQL socket file in
> /var/lib/mysql/mysql.sock, which was outside the jail, and thus couldn't be
> seen.  I tried a symlink of the MySQL socket file into the jailed
> /chroot/var/lib/mysql directory, but no joy.  

  In your PHP program, change the way you reference MySQL from
  'localhost' to '127.0.0.1'. That will force the client libraries
  not to use the domain socket but use the TCP/IP socket instead.
  Consequently, the chroot will no longer be a problem.

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]