Re: [mod-security-users] Using SecChrootDir Directive
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Using SecChrootDir Directive
|
From: Ivan R. <iv...@we...> - 2005-04-30 15:20:28
|
Roman Medina-Heigl Hernandez wrote: > Ivan Ristic wrote: > > >> SecChrootDir /chroot/apache >> >> Everything else can remain outside jail but there are consequences >> (e.g. you won't be able to restart Apache, just stop-start it). > > And what about Perl/Python/* libraries needed for CGIs? Let's suppose we > have cgi-bin directory inside chroot jail (for instance, > /chroot/apache/www/cgi-bin). That's ok, but what will be happen when the > invoked cgi try to execute /usr/bin/perl or moreover when it needs > /usr/lib/perl/* files (all of them are out of the jail)? Nothing, it won't work. If you have a need for CGI scripts or any other type of external binary execution you will have to create a proper jail. You won't be needing mod_security. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
