Re: [suse-security] Chrooted services

[Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>]

* Togan Muftuoglu; <toganm@xxxxxxxxxxxxxxxxxxxxx> on 12 Dec, 2003 wrote:
> * Volker Kuhlmann; <hidden@xxxxxxxxxxxxxxx> on 12 Dec, 2003 wrote:
> > > here are the apps I am planning to run 
> > >
> > > apache with mod-php mod_perl and mod_ssl
> > > squirrelmail
> > > wu-imap
> > > snmpd
> > > squid
> >
> > sshd would be cool too...
>
> OK I'll add it to my wish list along with cups. Now here is the approach
> I am planning to take
>
> 3)Modify the /etc/init.d/SERVICE file to include the chroot setup 
> so I do not have to worry about if I need to prepare the chroot
> environment or not

http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-apache-env.en.html

case "$1" in
      start)
        echo -n "Starting web server: $NAME"
        mount -t proc proc /var/chroot/apache/proc

The Debian howto has the part which is mounting the proc file system in
the chroot directory of apache. However I have not find another document
that suggests such a mount.

The questions I have are:

1)What do I achieve my mounting "proc" under the chrooted directory ? 
2)For what other types of programs mounting the proc under the chrooted
directory is recommended ? 

Thanks
--

Togan Muftuoglu
Unofficial SuSE FAQ Maintainer		Please reply to the list;
http://susefaq.sf.net			Please don't CC me.



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here