List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Saturday 04 November 2006 12:11, Joe Knall wrote:
> can/does mounting a partition with noexec, ro etc. provide additional
> security or are those limitations easy to circumvent?
> Example: webserver running chrooted
> all libs and executables (apache, lib, usr ...) on read only mounted
> partition /srv/www, data dirs (logs, htdocs ...) on
> partition /srv/www/data mounted with noexec (but rw of course), no cgi
> Server is started with "chroot /srv/www /apache/bin/httpd -k start".
> Any cognition? Is this useful, nice, nonsense?
> Keeping the chroot updated and so on is not my concern here.
Besides this, you must also add nodev to prevent those kinds of circumventions
Paul de Vrieze