Re: [d-security] Re: SECURITY HOLE in MySQL module in PHP

To: debian-security@lists.debian.org
Subject: Re: [d-security] Re: SECURITY HOLE in MySQL module in PHP
From: Ralf Dreibrodt <ralf@dreibrodt.de>
Date: Tue, 19 Feb 2002 00:08:28 +0100
Message-id: <[🔎] 3C71896C.13EE0B60@dreibrodt.de>
References: <[🔎] Pine.LNX.4.33.0202062159470.24262-100000@aurora.nsu.ru> <[🔎] 3C615933.9DC2B8B9@dreibrodt.de> <[🔎] 20020206163123.GD22819@westend.com> <[🔎] 20020218171859.GA29731@dat.etsit.upm.es>

Hi,

Javier Fernández-Sanguino Peña wrote:
> 
> On Wed, Feb 06, 2002 at 05:31:23PM +0100, Christian Hammers wrote:
> > On Wed, Feb 06, 2002 at 05:26:27PM +0100, Ralf Dreibrodt wrote:
> > > just run apache chrooted and you don?t have problems like this.
> > Doesn't work well if you have multiple virtual hosts on one server.
> >
> 
> Could someone give a sample setup for the Debian-Security-HOWTO? With
> a sample setup I mean one which can be easily made based on the
> standard Debian configuration (not a referral to the Chrooting-HOWTO).

just "mkdir /chroot", copy some basic files to /chroot, then "chroot
/chroot" and apt-get install apache.

i don´t think, that chrooting apache is easy (or even possible) in a
packet.
you need nearly everything in chroot (e.g. perl, c-compiler and so on).

bye
Ralf

Reply to:

References:
- SECURITY HOLE in MySQL module in PHP
  - From: "Dmitry N. Hramtsov" <hdn@nsu.ru>
- Re: SECURITY HOLE in MySQL module in PHP
  - From: Ralf Dreibrodt <ralf@dreibrodt.de>
- Re: [d-security] Re: SECURITY HOLE in MySQL module in PHP
  - From: Christian Hammers <ch@westend.com>
- Re: [d-security] Re: SECURITY HOLE in MySQL module in PHP
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

Prev by Date: Makejail
Next by Date: Re: I want to test my firewall from the outside
Previous by thread: Re: [d-security] Re: SECURITY HOLE in MySQL module in PHP
Next by thread: Re: SECURITY HOLE in MySQL module in PHP
Index(es):
- Date
- Thread