On Saturday 04 November 2006 12:11, Joe Knall wrote:
> Hello,
>
> can/does mounting a partition with noexec, ro etc. provide additional
> security or are those limitations easy to circumvent?
>
> Example: webserver running chrooted
> all libs and executables (apache, lib, usr ...) on read only mounted
> partition /srv/www, data dirs (logs, htdocs ...) on
> partition /srv/www/data mounted with noexec (but rw of course), no cgi
> needed.
> Server is started with "chroot /srv/www /apache/bin/httpd -k start".
>
> Any cognition? Is this useful, nice, nonsense?
> Keeping the chroot updated and so on is not my concern here.

Besides this, you must also add nodev to prevent those kinds of circumventions

Paul

--
Paul de Vrieze
Gentoo Developer
Mail: pauldv@g.o
Homepage: http://www.devrieze.net
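
An added example, not part of either message above: a POSIX shell check that the two partitions from the thread carry the discussed options, read from a file in /proc/mounts format. The function names, the sample device names and the policy (ro on /srv/www; noexec and nodev on /srv/www/data) are assumptions made for this illustration.

```shell
# Added example: audit the mount options of the chroot layout from the thread.
# Assumed policy: /srv/www must be ro; /srv/www/data must be noexec and nodev.
# missing_opts MOUNTS_FILE MOUNTPOINT OPT...
# Prints each required option that MOUNTPOINT lacks, or "unmounted" when
# MOUNTPOINT is not a separate mount (the options would then not apply at all).
missing_opts() {
    mounts_file=$1; mountpoint=$2; shift 2
    # /proc/mounts fields: device mountpoint fstype options dump pass.
    # Keep the last match: a later mount on the same path shadows earlier ones.
    opts=$(awk -v mp="$mountpoint" '$2 == mp { o = $4 } END { print o }' "$mounts_file")
    if [ -z "$opts" ]; then
        echo unmounted
        return 0
    fi
    for want in "$@"; do
        # Compare whole comma-separated tokens, so "errors=remount-ro"
        # is never mistaken for "ro".
        case ",$opts," in
            *",$want,"*) ;;
            *) echo "$want" ;;
        esac
    done
}

# audit_chroot MOUNTS_FILE
# Prints "mountpoint: finding" lines and returns 1 if the policy is violated.
audit_chroot() {
    audit_file=$1; rc=0
    for spec in "/srv/www:ro" "/srv/www/data:noexec,nodev"; do
        mp=${spec%%:*}
        req=$(echo "${spec#*:}" | tr ',' ' ')
        for m in $(missing_opts "$audit_file" "$mp" $req); do
            echo "$mp: $m"
            rc=1
        done
    done
    return $rc
}

# Constructed sample in /proc/mounts format: the data partition lacks nodev.
sample_mounts() {
    printf '%s\n' \
        '/dev/sda1 / ext3 rw,errors=remount-ro 0 0' \
        '/dev/sda5 /srv/www ext3 ro,nodev 0 0' \
        '/dev/sda6 /srv/www/data ext3 rw,noexec 0 0'
}

tmp=$(mktemp) && sample_mounts > "$tmp"
audit_chroot "$tmp" || echo "policy violated"
rm -f "$tmp"
```

On a running system, audit_chroot /proc/mounts checks the live mount table instead of the sample.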