mod_perl and chrooting question

[Gunther Birznieks <gu...@extropia.com>]

OK, I think a few weeks ago we had agreed that the front-end proxy should 
be chrooted away from the back-end mod_perl server (each in its own chroot 
jail). So we are working on getting a sample setup (for our own site).

However, the resources that were posted strongly warn against doing any 
hard linking of resources (eg shared libraries and binaries) between and 
outside the chroot jails.

The authors do not state why though.

My thought is that /lib is going to all be owned by root and not writable. 
The only way to alter these files is to get root access within the chroot 
jail. And if you have root access within the chroot jail then you can 
escape chroot anyway.

So is there really a vulnerability?

I am concerned because I wonder if all the shared libraries that are copied 
to /lib in the chroot jail will cause me to have double the RAM taken up by 
duplicates of various shared libraries (for those running in the HTTP 
front-end server chroot jail and those running in the mod_perl backend 
chroot jail).

Thanks,
     Gunther

__________________________________________________
Gunther Birznieks (gunther.birznieks@extropia.com)
eXtropia - The Web Technology Company
http://www.extropia.com/