1 |
Hello, |
2 |
|
3 |
can/does mounting a partition with noexec, ro etc. provide additional |
4 |
security or are those limitations easy to circumvent? |
5 |
|
6 |
Example: webserver running chrooted |
7 |
all libs and executables (apache, lib, usr ...) on read only mounted |
8 |
partition /srv/www, data dirs (logs, htdocs ...) on |
9 |
partition /srv/www/data mounted with noexec (but rw of course), no cgi |
10 |
needed. |
11 |
Server is started with "chroot /srv/www /apache/bin/httpd -k start". |
12 |
|
13 |
Any cognition? Is this useful, nice, nonsense? |
14 |
Keeping the chroot updated and so on is not my concern here. |
15 |
|
16 |
Thanks, Joe |
17 |
-- |
18 |
gentoo-security@g.o mailing list |