On Thu, 3 Apr 2003, Paolo Alexis Falcone wrote: > > VectorLinux? > > then use a chrooted mini_httpd (from Jef Poskanzer) as the web server. > > Would there be a great significance in security if an HTTP server would > run in a chroot() environment? I think this just adds administration > woes with not much security gains (although for this occasion, we need > to muster all the security options we can muster from the kernel > up to userland software) :-) >
well if the goal is to deface the webpage, a chrooted httpd is of no use. but if the goal is to add a user at the real /etc/passwd, then having a chrooted webserver makes a big difference. pong _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
