> I am researching the best way to chroot an Apache server. According
> to all the documentation that I could find, it seems to suggest that I
> should not hard link shared libraries and binaries into the chroot
> jail. Rather, I should make separate copies of them. I was thinking
> that this would save both hard disk space and memory, and not
> compromise security, since every process that is run in the jail is
> non-root. Of course, setuid binaries and useless /dev entries would
> not be linked in.

the idea behind making separate copies is to avoid anyone who manages to
get control of the service from being able to affect anything else on the
system. if you just hard link the files, they could potentially affect
other services or the system as a whole by modifying those files.
later
marty
"I can't buy what I want because it's free. Can't be what they want
because I'm me." - Corduroy, Pearl Jam
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
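
Added example, not part of the original thread: a Python sketch of why the reply prefers copies, plus an audit that flags jail files whose inode is also linked from outside the jail. All paths and file names are constructed in a temporary directory; `links_escaping_jail` and `demo` are hypothetical names.

```python
import os
import shutil
import stat
import tempfile

def links_escaping_jail(jail):
    """Return regular files under `jail` whose inode has more hard links
    than are visible inside the jail, i.e. it is shared with an outside path."""
    seen = {}  # (device, inode) -> [total link count, paths found in the jail]
    for root, _dirs, files in os.walk(jail):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            entry = seen.setdefault((st.st_dev, st.st_ino), [st.st_nlink, []])
            entry[1].append(path)
    return sorted(p for nlink, paths in seen.values()
                  if nlink > len(paths) for p in paths)

def demo():
    """Build a constructed 'system' library and a jail holding one hard link
    and one copy of it, then write to each from the jail side."""
    base = tempfile.mkdtemp(prefix="jail-demo-")
    try:
        system_lib = os.path.join(base, "lib", "libexample.so")  # constructed stand-in
        jail = os.path.join(base, "jail")
        os.makedirs(os.path.dirname(system_lib))
        os.makedirs(os.path.join(jail, "lib"))
        with open(system_lib, "w") as f:
            f.write("original")
        linked = os.path.join(jail, "lib", "linked.so")
        copied = os.path.join(jail, "lib", "copied.so")
        os.link(system_lib, linked)        # same inode as the system file
        shutil.copy2(system_lib, copied)   # separate inode
        with open(copied, "w") as f:       # write to the copy: system file untouched
            f.write("changed inside jail")
        with open(system_lib) as f:
            after_copy_write = f.read()
        with open(linked, "w") as f:       # write through the link: system file changes
            f.write("changed inside jail")
        with open(system_lib) as f:
            after_link_write = f.read()
        flagged = [os.path.basename(p) for p in links_escaping_jail(jail)]
        return after_copy_write, after_link_write, flagged
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print(demo())
```

The demo writes as the file's owner; whether a jailed process can do the same on a real system depends on the ownership and mode of the linked file.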