On Thu, Jan 24, 2008 at 01:10:23PM +0100, Nick Gearls wrote:
> You specify one directive, and the only thing you have to put in the 
> jail is your htdocs and logs directories; all other files (conf, 
> modules, httpd, libraries, etc.) are outside of the jail. This is really 
> top security - it's almost impossible to find something to hack.

Well don't kid yourself, it makes privilege escalation by certain routes
much harder, but it's not even close to almost impossible. There are
many forms of IPC available between the children and the root-level
Apache process anyway, and if you manage to exploit that it's game over
anyway (including breaking out of the jail). 

> Unfortunately, the only thing that does not work is a graceful restart, 
> as the process has no more access to all normal files.
> Couldn't it be possible to separate the main process in 2 - one real 
> master performing the start/stop/restart, and one "almost main" chrooted 
> process which would spawn the listening children processes ?
> The chrooted process could be implemented in the core, or it could be 
> left to ModSecurity.

It'd be a new MPM. 

> That would be the top security, much more secure than any solution based 
> on IIS for instance.
> Do you think this could be envisioned ?

Can't see it happening personally.

-- 
Colm MacCárthaigh                        Public Key: [EMAIL PROTECTED]
