On Wed, Dec 27, 2000 at 03:57:27PM -0800 or thereabouts, Nate Amsden wrote:
> "R. M. Lampert" wrote:
> >
> > Hi, folks!
> >
> > Due to some very unpleasant experience in the company
> > I'm working at (rootshell attack due to a buffer overflow
> > intrusion in httpd...) there's a great need with us
> > to inform thoroughly about changing to a safer environment,
> > that is LAMP or even better NAMP (NetBSD, Apache ... there
> > are some very unpalatable truths in the world, indeed!).
> >
> > Of topmost interest is building Apache and everything
> > that is associated with it (particularly MySQL, PHP, Perl)
> > within a chroot() environment to lock intruders within
> > this special "root directory".
> >
> > Do you know any pointer to chroot()-information that includes
> > some kind of HOWTO rather than a list of advantages of this
> > approach?
> >
>
> not to discourage you but it's pretty well known chroot() is not
> an ultimate solution for security, it has been in the past
> rather easy to break out of it, from what i remember you
> may be better off running FreeBSD and its jail() (??)
> function which is a souped up chroot(). all i'm trying to say

What about OpenBSD (OAMP)?

> is don't expect chroot() to improve security much, a determined
> cracker can defeat it (esp on linux) pretty easy. search BUGTRAQ
> for the discussions on the latest BIND problems (probably
> about 6 months ago..) interesting discussions.
>
> nate
>
> --
> :::
> ICQ: 75132336
> http://www.aphroland.org/
> http://www.linuxpowered.net/
> aphro@aphroland.org

--
--------------------------------------------------------------------
Key fingerprint = 9DE1 5825 77B4 FF45 7485 D3EB DCCF DE48 09B6 4426
--------------------------------------------------------------------
"Who's watching the watchmen?"