DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=42341>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42341 Summary: chroot patch directly after child creation Product: Apache httpd-2 Version: 2.2.4 Platform: PC OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Core AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] This patch adds support for chroot. It includes a new configuration directive named ChangeServerRoot (the name can be changed of course) which accepts On or Off whether or not to chroot to the directory specified in ServerRoot. chroot is called directly before changing to the non-privileged user. I succeeded to use subversion and php5 (including loading shared php extensions) with this patch. Everything happened as expected. I had to remove the check for an existing DocumentRoot as the DocumentRoot may not exist before chrooting. Additionally the patch will slightly change the way paths may be specified. It is necessary to distinguish between files that are opened within the child processes (e.g. files to be served to the client) and those the root process opens (log files...). The first type of files need to be specified as absolute paths. I am personally not sure why apache supports chroot only by using external modules and I think that chroot is a security feature that is worth to be included in the core of apache. Using the configuration directive people may choose to use this feature or not. By default, chroot will not used. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
