1. 15
    qorg’s experiences with OpenBSD openbsd qorg11.net
    PengouinBSD avatar via PengouinBSD 1 year ago |
    Archive.org Archive.today Ghostarchive
    | 2 comments
    1. 1
      nalzok avatar nalzok 1 year ago | link

      One of the features of this webserver is that chroots to a directory. Meaning that, to the web server, anything before the given directory (/var/www by default), does not exist. So if a vulnerability is found, the attacker can’t do much things, as the attacker can’t go beyond /var/www.

      Apparently, chroot is not a security feature on Linux. Is that true on *BSD?

      1. 1
        fcbsd avatar fcbsd 1 year ago | link

        As chroot(8) caveats sections states:

        chroot should never be installed setuid root, as it would then be possible to exploit the program to gain root privileges.

        so chroot(8) like the article states it is a hardening feature even on OpenBSD.