Re: Apache Virtual Hosts Chroot ?

To: Paul Hampson <Paul.Hampson@anu.edu.au>, debian-security@lists.debian.org, debian-isp@lists.debian.org
Subject: Re: Apache Virtual Hosts Chroot ?
From: Ralf Dreibrodt <rd@mesos.de>
Date: Wed, 19 Mar 2003 14:35:53 +0100
Message-id: <3E787239.DF73A771@mesos.de>
References: <3626546DC152134382A0A029C29365C6013931@net-mail.int.netways.de> <20030319130321.GC24029@keitarou.bubblesworth.net>

Paul Hampson wrote:
> 
> You can effectively chroot php files with:
> php_admin_value open_basedir /directory/where/files/are
> in the Apache virtual host config. Then:
> a) php4 won't let files outside that directory be accessed;

No:
- Hard links
- Commands executed with "system" can access files outside this
directory
- you can also access files in /directory/where/files/are2 or is this
bug already solved?

There are probably other possibilities to access files outside this
directory.

open_basedir has nothing to do with chroot, they are two different
things.

Regards,
Ralf Dreibrodt

-- 
Mesos            Telefon 49 221 4855798-1
Eupener Str. 150 Fax     49 221 4855798-9
50933 Koeln      Mail    rd@mesos.de

Reply to:

Follow-Ups:
- Re: Apache Virtual Hosts Chroot ?
  - From: Paul Hampson <Paul.Hampson@anu.edu.au>

References:
- Re: Apache Virtual Hosts Chroot ?
  - From: Paul Hampson <Paul.Hampson@anu.edu.au>

Prev by Date: Re: Apache Virtual Hosts Chroot ?
Next by Date: Re: Apache Virtual Hosts Chroot ?
Previous by thread: Re: Apache Virtual Hosts Chroot ?
Next by thread: Re: Apache Virtual Hosts Chroot ?
Index(es):
- Date
- Thread