You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Gunther Birznieks <gu...@extropia.com> on 2000/12/23 04:05:03 UTC
mod_perl and chrooting question
OK, I think a few weeks ago we had agreed that the front-end proxy should
be chrooted away from the back-end mod_perl server (each in its own chroot
jail). So we are working on getting a sample setup (for our own site).
However, the resources that were posted strongly warn against doing any
hard linking of resources (eg shared libraries and binaries) between and
outside the chroot jails.
The authors do not state why though.
My thought is that /lib is going to all be owned by root and not writable.
The only way to alter these files is to get root access within the chroot
jail. And if you have root access within the chroot jail then you can
escape chroot anyway.
So is there really a vulnerability?
I am concerned because I wonder if all the shared libraries that are copied
to /lib in the chroot jail will cause me to have double the RAM taken up by
duplicates of various shared libraries (for those running in the HTTP
front-end server chroot jail and those running in the mod_perl backend
chroot jail).
Thanks,
Gunther
__________________________________________________
Gunther Birznieks (gunther.birznieks@extropia.com)
eXtropia - The Web Technology Company
http://www.extropia.com/