Re: Putting Apache, PHP, Tomcat and CGI in a jail

To: debian-security@lists.debian.org
Cc: jfs@computer.org
Subject: Re: Putting Apache, PHP, Tomcat and CGI in a jail
From: Martynas Domarkas <md@hansa.lt>
Date: 05 Jan 2003 12:35:49 +0200
Message-id: <[🔎] 1041762949.316.247.camel@otpaba>

The first thing I do not like is that makejail needs a lot of additional
software: python, stat, file etc.. As we all know, on production systems
is better to have less software because of potential security holes. OK,
we can remove all software after instalation, but how to upgrade then
chrooted applications, install python, etc. again? Second, it does not
create $CHROOT/etc/passwd and $CHROOT/etc/group correct. We can do it by
hand, but can we trust a program (script) which can not do: 
gawk -F":" '$1 ~ /apache/' /etc/passwd > $CHROOT/etc/passwd
? I do not think so. Now I try write a script for creation of chrooted
environment which uses standart unix tools: bash, ldd, gawk (awk), grep,
file. In case of success I send link to you ;-)

Regards,
Martynas

Sk, 2003-01-05 02:16, Javier Fernández-Sanguino Peña rašė:
> On Sat, Jan 04, 2003 at 09:00:45PM +0200, Martynas Domarkas wrote:
> > Hi, I'm currently trying to use makejail... it does not work very
good.
> 
> 	Could you elaborate more on this? I would like to know which issues
> have you come up with.
> 
> 	Also, you might want to take a loot at the (recent) Appendix added
> to the "Securing Debian Manual" on how to setup a chroot environment
for
> Apache:
>
http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-apache-env.en.html
> 
> 	Regards
> 
> 	Javi

Reply to:

Prev by Date: Re: How to get the current security updates on CD?
Next by Date: Re: Putting Apache, PHP, Tomcat and CGI in a jail
Previous by thread: Re: Putting Apache, PHP, Tomcat and CGI in a jail
Next by thread: chrooting bind9
Index(es):
- Date
- Thread