Re: chroot-ed httpd

• To: jerryb@howpubs.com (Jerry Busser)
• Subject: Re: chroot-ed httpd
• From: tauzell@math.umn.edu
• Date: Wed, 1 May 1996 16:33:24 -0500 (CDT)
• Cc: www-security@ns2.rutgers.edu
• In-Reply-To: <199604291748.MAA04845@muns149.munster> from "Jerry Busser" at Apr 29, 96 12:48:48 pm

> 
> All --
> 
> I'm running NCSA's HTTP daemon, and one of the security measures that they mention but neither support nor especially endorse is running httpd in a chroot-ed environment. My question to everyone is: Is it worth it? To date we do not run our httpd chroot-ed, but I am going to overhaul our Web server in the near future and I'm wondering whether I should consider restructuring the filesystem to make it more hospitable for the chroot-ed daemon.

We run NCSA httpd chrooted on our server.  The main reason was so
that students could write CGI programs.  How much extra security it
gives us is hard to say, but it can't hurt.  I am now trying to 
install NCSA httpd 1.5.1 on Solaris and run it chrooted, but am having
problems.  Anyone out there done this?  Specifically , it can't create
sockets for the children.


---
David Tauzell         Math Dept. Systems Staff
Office  Phone: 625-4895

• Re: chroot-ed httpd
• From: pyb@silogic.fr (Pierre-Yves Bonnetain)
• Re: chroot-ed httpd
• From: Scott Barman <scott@di2.disclosure.com>

• chroot-ed httpd
• From: jerryb@howpubs.com (Jerry Busser)

• Previous: RE: chroot-ed httpd
• Next: Looking for specialized company in simulating attacks
• Index(es):
  • Index
  • Thread