1. 15
    qorg’s experiences with OpenBSD openbsd qorg11.net
    PengouinBSD avatar via PengouinBSD 12 months ago |
    Archive.org Archive.today Ghostarchive
    | 2 comments
  1. 1
    nalzok avatar nalzok 12 months ago | link

    One of the features of this webserver is that chroots to a directory. Meaning that, to the web server, anything before the given directory (/var/www by default), does not exist. So if a vulnerability is found, the attacker can’t do much things, as the attacker can’t go beyond /var/www.

    Apparently, chroot is not a security feature on Linux. Is that true on *BSD?

    1. 1
      fcbsd avatar fcbsd 12 months ago | link

      As chroot(8) caveats sections states:

      chroot should never be installed setuid root, as it would then be possible to exploit the program to gain root privileges.

      so chroot(8) like the article states it is a hardening feature even on OpenBSD.