Topic: Can't get chroot jail to work

[Scorpion]

Hi there, I'm running Apache 2.0.55 / PHP 5.1.1 on Windows XP. I wrote a php script that allows me to access any file on my system. And I want to disable this by running apache in a chroot jail. So I downloaded mod_security-1.9.1-2.0.55-w32.zip. But somehow I can't get the SecChrootDir option to work. Here's what I did:

- Create a folder C:\server\www\Apache2\modules\mod_security\
- Copy to that folder: mod_security.so and the files msvcr80.dll and Microsoft.VC80.CRT.manifest.
- Add to your httpd.conf: LoadModule security_module modules/mod_security/mod_security.so
- And then added these lines to the end of httpd.conf:
<IfModule mod_security.so>
SecChrootDir c:/server/www/public_html
</IfModule>

After I restart the server, I am still able to access any file outside the root. Could someone please explain what's wrong?

[Steffen]

Never tried the Chooting in mod_security.


The docs says "Only the root user can escape the jail", when I understand that, when you run Apache under an Adinistartor account then it does not work.

Maybe you can try to run Apache under a user account.

Afterall I am not sure if it is running with Windows and maybe it is a Linux thingy.

Steffen

[Steffen]

From the author of mod_security I get the following answer:

[Scorpion]

Too bad, I thought I finally found an easy way to do this. Thanks anyway.