I would suggest using chroot and grSecurity jail restrictions -
unfortunately that is not available in RHEL. Chroot without kernel
restrictions is not of much help - if somebody really wants to break out
of it, it is possible.

Regards,
        Daniel 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Greshko
Sent: Monday, January 28, 2008 8:26 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: Re: [rhelv5-list] apache chroot

Benjamin Franz wrote:
> On Mon, 28 Jan 2008, John Summerfield wrote:
> 
>> solarflow99 wrote:
>>> I wonder if anyone has run apache like this? It seems interesting
>>> that only bind runs in a root jail..
>>
>> I'm not sure that there's any point except for the most paranoid, 
>> given well-configured enforcing selinux.
> 
> Security problems come in many guises. One of the most insidious is a 
> security system that causes more problems than the things it purports 
> to protect against.
> 
> When you understand why passwords made of thirty completely random 
> alpha/non-alpha characters are a really bad idea in general practice 
> despite having excellent theoretic justifications, you will also 
> understand why SELinux is _also_ a very bad idea in general practice, 
> despite having a good base in theory.
> 
> Or to put it another way: "The more they overthink the plumbing, the 
> easier it is to stop up the drain."

In that case, you may want to actually provide a solution/suggestion
instead of supposedly poking holes in other people's suggestions.  All
you've done is poured hot grease down a cold drain.


--
Fifth Law of Procrastination:
        Procrastination avoids boredom; one never has the feeling that
        there is nothing important to do.

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list


