cgi chroot

S

subhuti

Member
#1
#1
Hello!
I've found interesting information on your website

"chroot jail" is to have a CGI script started under an assigned alternative root directory, the script can not access files beyond the new root directory. With it, you no longer need to worry about confidential system files being exposed by vulnerable scripts.
Click to expand...
(http://www.litespeedtech.com/docs/webserver/security/)
also
I see interesting options in the litespeed admin console
such as "ExtApp Chroot Mode"
I've changed it to virtualhost root but I was able to access system files from cgi (for example python "print open('/etc/passwd','r').read() )
so I'm trying to figure out what does all this means:
I understand that I can put litespeed server in chroot but how I can put separate cgi script in chroot
 
M

mistwang

LiteSpeed Staff
#2
#2
You need to build the jail environment for the script, otherwise, it wont work.
If you want per account chroot, you may have to use Cloud Linux SecureLVE, otherwise, it is pretty hard to maintain the chroot jail. Our 4.0.20 release should support SecureLVE on plain centos.
 
S

subhuti

Member
#3
#3
mistwang said:
You need to build the jail environment for the script, otherwise, it wont work.
If you want per account chroot, you may have to use Cloud Linux SecureLVE, otherwise, it is pretty hard to maintain the chroot jail. Our 4.0.20 release should support SecureLVE on plain centos.
Click to expand...
so, in future I have to create SecureLVE with securelve_user <domain_owner> (actually I already use this). Enable virtual host chroot and create document root path like /var/securelve/username/var/www/<vhost.domain.com>/httpdocs/ ?

and what will give this SecureLVE option in litespeed ? what difference between LVE and SecureLVE options ?
 
You must log in or register to reply here.
Top