Hello,
can/does mounting a partition with noexec, ro etc. provide additional
security or are those limitations easy to circumvent?
Example: webserver running chrooted
all libs and executables (apache, lib, usr ...) on read only mounted
partition /srv/www, data dirs (logs, htdocs ...) on
partition /srv/www/data mounted with noexec (but rw of course), no cgi
needed.
Server is started with "chroot /srv/www /apache/bin/httpd -k start".
Any cognition? Is this useful, nice, nonsense?
Keeping the chroot updated and so on is not my concern here.
Thanks, Joe
--
gentoo-security@gentoo.org mailing list
can/does mounting a partition with noexec, ro etc. provide additional
security or are those limitations easy to circumvent?
Example: webserver running chrooted
all libs and executables (apache, lib, usr ...) on read only mounted
partition /srv/www, data dirs (logs, htdocs ...) on
partition /srv/www/data mounted with noexec (but rw of course), no cgi
needed.
Server is started with "chroot /srv/www /apache/bin/httpd -k start".
Any cognition? Is this useful, nice, nonsense?
Keeping the chroot updated and so on is not my concern here.
Thanks, Joe
--
gentoo-security@gentoo.org mailing list