1. 15
  1.  

  2. 1

    One of the features of this webserver is that chroots to a directory. Meaning that, to the web server, anything before the given directory (/var/www by default), does not exist. So if a vulnerability is found, the attacker can’t do much things, as the attacker can’t go beyond /var/www.

    Apparently, chroot is not a security feature on Linux. Is that true on *BSD?

    1. 1

      As chroot(8) caveats sections states:

      chroot should never be installed setuid root, as it would then be possible to exploit the program to gain root privileges.

      so chroot(8) like the article states it is a hardening feature even on OpenBSD.