Re: High security

2008-05-07 Thread Mathieu CARBONNEAUX
hi all, sorry to enter so later in the discution... i'm ok with you torsten (+1), i think is the good place to do it, think adding hook like pre_childinit that occure before unixd_setup_child remove the root rigth (in child_init you lost the root right juste before) can be more generic way.

Re: High security

2008-05-06 Thread Nick Gearls
If there's a chance to add it, I'm ready to write the doc patch Nick Dirk-Willem van Gulik wrote: On May 6, 2008, at 3:27 PM, Nick Gearls wrote: Just a little adding: by adding LoadFile libgcc_s.so.1 in httpd.conf, I don't have any more file in the chroot (except htdocs if not in pure

Re: High security

2008-05-06 Thread Dirk-Willem van Gulik
On May 6, 2008, at 4:12 PM, Nick Gearls wrote: If there's a chance to add it, I'm ready to write the doc patch Lets get that in there - and then lets (or I'll) backport it - so it goes into the next release. Dirk-Willem van Gulik wrote: On May 6, 2008, at 3:27 PM, Nick Gearls wrote:

Re: High security

2008-05-06 Thread Plüm , Rüdiger , VF-Group
-Ursprüngliche Nachricht- Von: Dirk-Willem van Gulik Gesendet: Dienstag, 6. Mai 2008 16:20 An: dev@httpd.apache.org Betreff: Re: High security On May 6, 2008, at 4:12 PM, Nick Gearls wrote: If there's a chance to add it, I'm ready to write the doc patch Lets get

re: High security

2008-05-06 Thread Plüm , Rüdiger , VF-Group
-Ursprüngliche Nachricht- Von: Dirk-Willem van Gulik Gesendet: Dienstag, 6. Mai 2008 17:00 An: dev@httpd.apache.org Betreff: Re: High security On May 6, 2008, at 4:12 PM, Nick Gearls wrote: If there's a chance to add it, I'm ready to write the doc patch I did below

Re: High security

2008-05-06 Thread Dirk-Willem van Gulik
On May 6, 2008, at 5:03 PM, Plüm, Rüdiger, VF-Group wrote: -Ursprüngliche Nachricht- Von: Dirk-Willem van Gulik Gesendet: Dienstag, 6. Mai 2008 17:00 An: dev@httpd.apache.org Betreff: Re: High security On May 6, 2008, at 4:12 PM, Nick Gearls wrote: If there's a chance to add

Re: High security

2008-05-06 Thread Nick Gearls
Can you tell me where to find the XML doc file ? It's not obvious from the site :-( Thanks, Nick Dirk-Willem van Gulik wrote: On May 6, 2008, at 4:12 PM, Nick Gearls wrote: If there's a chance to add it, I'm ready to write the doc patch Lets get that in there - and then lets (or I'll)

Re: High security

2008-05-06 Thread Sander Temme
On May 6, 2008, at 8:10 AM, Nick Gearls wrote: Can you tell me where to find the XML doc file ? It's not obvious from the site :-( Check out the httpd trunk: svn co http://svn.apache.org/repos/asf/httpd/httpd/trunk httpd and the XML file we're talking about will be

Re: High security

2008-01-29 Thread Nick Gearls
I'm running the patch for one week on a production server, and it works perfectly (http://svn.apache.org/viewvc?view=revrevision=611483). When using Apache as a reverse proxy, the chroot environment is totally empty (except libgcc_s.so.1). Could we include this in next build ? As it is very

Re: High security

2008-01-28 Thread Ivan Ristic
On Jan 25, 2008 1:30 PM, Nick Kew [EMAIL PROTECTED] wrote: ... A compromise might be to create a chroot hook and allow module developers to use it. This would shift the support burden somewhat from the core Apache team to those willing to engage the users providing support. Isn't

Re: High security

2008-01-25 Thread Ivan Ristic
I don't think this should be a discussion of whether chroot is worth using as a security measure. IMHO it should be about allowing Apache users to make a choice whether they will use chroot in this way or not. I am usually an advocate for user choice. For example, I am well aware of the various

Re: High security

2008-01-25 Thread Torsten Foertsch
On Fri 25 Jan 2008, Nick Kew wrote:  A compromise might be to create a chroot hook and allow module developers to use it. This would shift the support burden somewhat from the core Apache team to those willing to engage the users providing support. Isn't that basically the status quo

Re: High security

2008-01-25 Thread Nick Kew
On Fri, 25 Jan 2008 11:31:32 + Ivan Ristic [EMAIL PROTECTED] wrote: I don't think this should be a discussion of whether chroot is worth using as a security measure. IMHO it should be about allowing Apache users to make a choice whether they will use chroot in this way or not. +1. For

High security

2008-01-24 Thread Nick Gearls
Hello, As some may now, ModSecurity adds a very easy and effective way to put Apache in jail, but chrooting the process after its initialisation, thus putting all listening processes in jail. You specify one directive, and the only thing you have to put in the jail is your htdocs and logs

Re: High security

2008-01-24 Thread Colm MacCarthaigh
On Thu, Jan 24, 2008 at 01:10:23PM +0100, Nick Gearls wrote: You specify one directive, and the only thing you have to put in the jail is your htdocs and logs directories; all other files (conf, modules, httpd, libraries, etc.) are outside of the jail. This is really top security - it's

RE: High security

2008-01-24 Thread Plüm , Rüdiger , VF-Group
-Original Message- From: Colm MacCarthaigh [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 24. Januar 2008 13:16 To: dev@httpd.apache.org Subject: Re: High security On Thu, Jan 24, 2008 at 01:10:23PM +0100, Nick Gearls wrote: You specify one directive, and the only thing you have

Re: High security

2008-01-24 Thread Nick Gearls
Message- From: Colm MacCarthaigh [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 24. Januar 2008 13:16 To: dev@httpd.apache.org Subject: Re: High security On Thu, Jan 24, 2008 at 01:10:23PM +0100, Nick Gearls wrote: You specify one directive, and the only thing you have to put in the jail is your

Re: High security

2008-01-24 Thread Ruediger Pluem
On 01/24/2008 04:55 PM, Nick Gearls wrote: Yes, chroot could potentially be escaped. Although, if you chroot the main process, then you spawn child processes under another userid, like in standard Apache config under Unix, I expect it to be really very difficult to escape if 1. you are