1. 15
    1. 1

      One of the features of this webserver is that chroots to a directory. Meaning that, to the web server, anything before the given directory (/var/www by default), does not exist. So if a vulnerability is found, the attacker can’t do much things, as the attacker can’t go beyond /var/www.

      Apparently, chroot is not a security feature on Linux. Is that true on *BSD?

      1. 1

        As chroot(8) caveats sections states:

        chroot should never be installed setuid root, as it would then be possible to exploit the program to gain root privileges.

        so chroot(8) like the article states it is a hardening feature even on OpenBSD.