| 1 |
On Saturday 04 November 2006 12:11, Joe Knall wrote: |
| 2 |
> Hello, |
| 3 |
> |
| 4 |
> can/does mounting a partition with noexec, ro etc. provide additional |
| 5 |
> security or are those limitations easy to circumvent? |
| 6 |
> |
| 7 |
> Example: webserver running chrooted |
| 8 |
> all libs and executables (apache, lib, usr ...) on read only mounted |
| 9 |
> partition /srv/www, data dirs (logs, htdocs ...) on |
| 10 |
> partition /srv/www/data mounted with noexec (but rw of course), no cgi |
| 11 |
> needed. |
| 12 |
> Server is started with "chroot /srv/www /apache/bin/httpd -k start". |
| 13 |
> |
| 14 |
> Any cognition? Is this useful, nice, nonsense? |
| 15 |
> Keeping the chroot updated and so on is not my concern here. |
| 16 |
|
| 17 |
Besides this, you must also add nodev to prevent those kinds of circumventions |
| 18 |
|
| 19 |
Paul |
| 20 |
|
| 21 |
-- |
| 22 |
Paul de Vrieze |
| 23 |
Gentoo Developer |
| 24 |
Mail: pauldv@g.o |
| 25 |
Homepage: http://www.devrieze.net |
Archives