On Saturday 04 November 2006 12:11, Joe Knall wrote:
> Hello,
>
> can/does mounting a partition with noexec, ro etc. provide additional
> security or are those limitations easy to circumvent?
>
> Example: webserver running chrooted
> all libs and executables (apache, lib, usr ...) on read only mounted
> partition /srv/www, data dirs (logs, htdocs ...) on
> partition /srv/www/data mounted with noexec (but rw of course), no cgi
> needed.
> Server is started with "chroot /srv/www /apache/bin/httpd -k start".
>
> Any cognition? Is this useful, nice, nonsense?
> Keeping the chroot updated and so on is not my concern here.

Besides this, you must also add nodev to prevent those kinds of circumventions.

Paul

--
Paul de Vrieze
Gentoo Developer
Mail: [EMAIL PROTECTED]
Homepage: http://www.devrieze.net
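The layout discussed in this thread, as an added example that is not part of either message: a shell audit that reads a /proc/mounts-style table and reports which of the options named above (ro, noexec, nodev) are missing from /srv/www and /srv/www/data. The names POLICY, SAMPLE, missing_opts and audit, the device names, and the reading of the reply as "nodev on both mounts" are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a /proc/mounts-style table against the thread's layout.
# Policy (assumption drawn from the thread): program tree read-only, data tree
# noexec, and nodev on both as the reply recommends.
POLICY='/srv/www ro,nodev
/srv/www/data noexec,nodev'

# Constructed sample table; on a live system use: audit "$(cat /proc/mounts)"
SAMPLE='/dev/sda5 /srv/www ext3 ro,nodev 0 0
/dev/sda6 /srv/www/data ext3 rw,noexec 0 0'

# missing_opts TABLE MOUNTPOINT REQUIRED
# Prints the required options absent from the mount point's option field,
# or "unmounted" if the mount point does not appear in the table.
missing_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" -v req="$3" '
        $2 == mp { opts = $4; found = 1 }   # later entries shadow earlier ones
        END {
            if (!found) { print "unmounted"; exit }
            n = split(req, r, ","); m = split(opts, o, ",")
            for (i = 1; i <= m; i++) have[o[i]] = 1
            out = ""
            for (i = 1; i <= n; i++)
                if (!(r[i] in have)) out = out (out == "" ? "" : ",") r[i]
            print out
        }'
}

# audit TABLE
# Prints one line per policy violation and returns 1 if there is any.
audit() {
    rc=0
    while read -r mp req; do
        miss=$(missing_opts "$1" "$mp" "$req")
        if [ -n "$miss" ]; then
            echo "$mp: missing $miss"
            rc=1
        fi
    done <<EOF
$POLICY
EOF
    return $rc
}

audit "$SAMPLE" || true
```

The check is run against the mount table rather than /etc/fstab because a remount can change the effective options without touching fstab.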
