Re: putting Apache into chroot()-prison
From what I've been able to gather,
chroot can be secure,
but only if the user can never get root.
FreeBSD's jail had a recent problem.
Mounting /proc inside the chroot is not a good idea.
In a message dated 12/27/00 7:01:21 PM Eastern Standard Time,
Not to discourage you, but it's pretty well known chroot() is not
an ultimate solution for security; it has been in the past
rather easy to break out of it. From what I remember, you
may be better off running FreeBSD and its jail() (??)
function, which is a souped-up chroot(). All I'm trying to say
is don't expect chroot() to improve security much; a determined
cracker can defeat it (esp. on Linux) pretty easily. Search BUGTRAQ
for the discussions on the latest BIND problems (probably
about 6 months ago...); interesting discussions.
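
Added example, not part of the original thread and not Apache's own code: a C sketch of the point that a chroot only holds if the confined process can never be root, so the process enters the jail and then gives up root irreversibly. The function name `enter_jail`, the directory `/var/empty` and the uid/gid 65534 are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine the calling process to `dir`, then drop root.
 * Returns 0 on success, -1 on any failure (the caller should then exit). */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* Refuse a "drop" that keeps root: the jail only holds without root. */
    if (uid == 0 || gid == 0)
        return -1;
    /* chdir first so the working directory cannot point outside the new root. */
    if (chdir(dir) != 0)
        return -1;
    if (chroot(".") != 0)      /* requires root; fails otherwise */
        return -1;
    if (chdir("/") != 0)
        return -1;
    /* Order matters: supplementary groups, then gid, then uid last. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop cannot be undone before doing any real work. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample values: jail directory and ids are placeholders. */
    if (enter_jail("/var/empty", 65534, 65534) != 0) {
        fprintf(stderr, "enter_jail failed; refusing to continue\n");
        return 1;
    }
    puts("confined and unprivileged");
    return 0;
}
```

The jail directory should contain no setuid binaries, no device nodes and no mounted /proc, since each gives the confined process a path back to privilege or to the host's view of the system.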