--Steve Shockley wrote on 01.10.2002 09:18 -0400:
> Recently, OpenBSD has changed Apache to run chroot /var/www. Before I spend
> hours tracing it out, what's the feasibility of getting either webmail or
> webadmin to run in a chroot?
Same procedure as always, populate the new root with all
necessary directories and libraries. For a start:
$ ldd webmail
webmail:
libmysqlclient.so.10 => /usr/local/lib/mysql/libmysqlclient.so.10
(0x280c5000)
libz.so.2 => /usr/lib/libz.so.2 (0x280e0000)
libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280ed000)
libm.so.2 => /usr/lib/libm.so.2 (0x28106000)
libc.so.4 => /usr/lib/libc.so.4 (0x28122000)
And of course all the maildirs have to be below that root.
For webadmin this also would include perl, but you shure
dont want any setuid-root-binaries there because they could
be used to escape from the chroot.
Check out jail(8) on FreeBSD, where even root cant escape.
Roland
-------------------------------------------------------
This sf.net email is sponsored by: DEDICATED SERVERS only $89!
Linux or FreeBSD, FREE setup, FAST network. Get your own server
today at http://www.ServePath.com/indexfm.htm
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
