27 Nov
2002
27 Nov
'02
10:59
Patrick Schneider wrote:
Why should I use then chroot, if an exploit can circumvent it??
If someone has an account on your box (your webserver also does!) he can mostly ever DoS your box. (Sure you can protect your box from DoS with ulimit etc...)A chroot (jail) is just to prevent simple attacks on binarys etc. like if your apache has a hole, someone can use this hole to exploit local programms etc. thats the reason why you use a chroot -> remove unneeded binarys from the webserver access. Google also about breaking out a chroot. In the most cases a chroot can be broken in a few minutes... HTH