[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALPHA release of apache-1.0.0-1 now available

'Michael Alan Dorman wrote:'
>> /usr/lib/apache is my choice for serverroot.  Where the documents go
>> is site-specific.  I'd like to also include an option to chroot httpd
>> to /usr/local/http or somesuch.  Can dpkg install a package under some
>> arbitrary directory?  If so then the preinst script might be able to get
>> everything into /usr/local/http and run httpd under chroot (for the
>> security paranoid).
>Uh, why would you want to chroot the httpd?  Wouldn't that cause mondo 
>problems, especially if we try and get it to do stuff like dynaloading 
>modules, etc.?
For extra security.  Like any chroot environment, you need to copy all
the shared libs into $chroot.  But if a complete list were determined,
it could be done in the postinst.  Net Access is currently running
apache in a chroot environment for extra security.  I think it would
be nice to add this feature (My only problem is I'm not sure dpkg can
handle it - Ian?).

Christopher J. Fearnley            |    UNIX SIG Leader at PACS
cjf@netaxs.com (finger me!)        |    (Philadelphia Area Computer Society)
cfearnl@pacs.pha.pa.us             |    Design Science Revolutionary
http://www.netaxs.com/~cjf         |    Explorer in Universe
"Dare to be Naive" -- Bucky Fuller |    Linux Advocate

Reply to: