OpenBSD Security Functionally paranoid!

apache 2.2.8, is it on chroot by default?
Hi,
I've just started with OpenBSD .... I've seen that the default httpd is chrooted, but I need Apache 2.2. So I installed the pkg ... I see it running as the _apache2 user ... but I didn't understand if it actually is under chroot or not. Do we have to chroot it manually? I guess it is the same for the mysql pkg, right? Thanks

mmm I see.
well ... I need load balancing on mongrel (rails) .... I don't see a way to get it with apache 1.3, right? May I ask if mysql must also be chrooted? It looks like mysql_safe already does some fixing (and I did a safe_install, removing test etc. etc.)

The package message for apache-httpd-2.2.8 says:
Quote:
Your SQL client libraries, and any other executable code required with your webserver, must be available in your chrooted environment. See FAQ 10.16 for guidance. Your SQL server, if connected via TCP, need not be chrooted, nor even on the same server.

I'm sorry ... I need a little help on this one....
I've made my chroot dir in /var/chroot/http. Copied all the libs, config files, dev/log, dev/null etc. etc., but my http2 won't start ... the error_log says:
[crit] (6)Device not configured: apr_proc_detach failed
I'm trying to understand what's going on by doing a ktrace/kdump, grepping on open ... but in my dump I don't get any symbols ... just hex addrs like ... open(oxcfbc2,0,0)
Any idea on how to get a dump with symbols? Do I need to re-compile http2? Thanks

nevermind ... it's something else....
I was grepping for "open" instead of NAM|open ... anyhow ... it's a weird failure, the last line of the kdump is a sigprocmask and then an exit(0). It should be some device ... but I made /dev/null, /dev/random, /dev/urandom in the chroot directory... :-((

Ok,
just in case someone can help me ... the error is apparently due to /dev/crypto. I did the mknod under /jail/dev/ .... and it's there, but from kdump it says: "open -1 errno 6 Device not configured" ..... totally lost. Any idea? Thanks

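The manual grep for NAM|open described in the posts above can be replaced by a small filter that pairs each looked-up path with the result of its open() call and lists only the failures. This is an added example, not part of the original thread; the sample trace is constructed, its column layout is assumed from the RET line quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# failed_opens: read kdump text on stdin and print "errno<TAB>path" for
# every open() that returned -1. State is tracked per PID so interleaved
# traces from several processes do not get mixed up.
failed_opens() {
    awk '
        # CALL line: an open() begins for this PID
        $3 == "CALL" && index($4, "open(") == 1 { inopen[$1] = 1; path[$1] = ""; next }
        # NAMI line: the path the kernel resolved for the pending open()
        $3 == "NAMI" && inopen[$1] {
            if (match($0, /"[^"]*"/)) path[$1] = substr($0, RSTART + 1, RLENGTH - 2)
            next
        }
        # RET line: "open -1 errno N text" on failure, "open FD" on success
        $3 == "RET" && $4 == "open" {
            if ($5 == "-1") print $7 "\t" path[$1]
            inopen[$1] = 0
        }
    '
}

# Constructed sample trace (not captured from a real system).
sample_kdump() {
    cat <<'EOF'
 4242 httpd2   CALL  open(0xcfbc2,0,0)
 4242 httpd2   NAMI  "/dev/null"
 4242 httpd2   RET   open 3
 4242 httpd2   CALL  open(0xcfbd0,0,0)
 4242 httpd2   NAMI  "/dev/crypto"
 4242 httpd2   RET   open -1 errno 6 Device not configured
 4242 httpd2   CALL  open(0xcfbe8,0,0)
 4242 httpd2   NAMI  "/usr/lib/libexample.so.1.0"
 4242 httpd2   RET   open -1 errno 2 No such file or directory
EOF
}

sample_kdump | failed_opens
```

Errno 2 entries point at files still missing from the chroot, while errno 6 on a path that exists means the node is present but the open itself was refused.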
/dev/crypto and /dev/random are related to "hardware" cryptography devices; I have to believe you've configured something incorrectly.

well ... yes I guess.
but httpd2 does try to get /dev/crypto from the ktrace .. and also in the apache2 conf there is something about that for SSL (see the last part of http.conf). I've also tried commenting out the SSL loadmodule ... but still the same error 6 device not configured. oh boy .. looks like I'm not able to get this chroot working for apache2 ... I'll try to see if I'm luckier using mod_chroot ...

Rather than attempting to build /dev or /usr piecemeal, you could replicate them in their entirety. In this way, you will learn if Apache2 can run chrooted or not.
I have never used the application, but I have noted that grepping for "chroot" in the package documentation and man pages comes up empty.