https://issues.apache.org/bugzilla/show_bug.cgi?id=43596
--- Comment #8 from Bj <[EMAIL PROTECTED]> 2008-09-09 05:34:24 PST --- Please read the whole story. It is about being able to escape from chroot as root. Even Alan Cox himself tells us, that it is only about this. As a normal user you do not have the right to use chroot at all. That is why using chroot in combination with a non-privileged user is and will ever be a security feature. Why do so many server application support chroot? Do you think they have implemented support for chroot because it is only a "nice to have"-feature? Many people use third party php projects (like phpbb). Some of them have security flaws that could be prevented by using chroot. This would e.g. stop the spread of worms. Using chroot it is not possible for an attacker to get any kind of remote shell access, because there is simply no shell in the chroot tree. Of course using chroot is not an excuse for not updating your software. But as e.g. grsec is neither an excuse, it is a method to give the system administrators time to update their software by preventing security flaws from being exploited. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
