[Moin-user] chroot in moinmoin?
Oliver Schulze L.
oliver at samera.com.py
Wed May 17 07:49:01 EDT 2006
Thomas Waldmann wrote:
>> it is possible to have a "chroot" in a moin moin installation?
>
> Not within moin, but maybe you can do that for the web server calling
> moin or run the Twisted or Standalone server in a chroot.
>
>> Something like the open_basedir() option in php?
>
> moin doesn't execute user code (you have to manually install plugins
> or be superuser to install packages).
>
> Even if moin crashes, it never does "buffer overflows" like software
> written in C/C++, but just gives you a nice python backtrace on screen.
>
> The only critical thing is the python interpreter itself (as it is
> written in C), but security issues are very rare for it.
>
Hi Thomas,
thanks for answering.
My main concern is that if moinmoin has a security issue in the future,
I don't want people to use it for accessing files outside the /wiki
(installation) directory.
They can hack my moinmoin installation, but only inside the installation
dir.
I will have backups of the wiki data for restoring later.
That's why I talked about the open_basedir(). That function in php limits
all .php scripts to open files only inside the directory you specify.
I use the open_basedir() in php and it proved useful when phpbb got hacked.
I know moin moin is way better programmed than phpbb, but I wanted to have
that double security.
Thanks
Oliver
--
Oliver Schulze L.
<oliver at samera.com.py>
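
Added example, not part of the original message and not MoinMoin code: a minimal Python sketch of the open_basedir-style containment check discussed above, which resolves a requested path and refuses anything outside a base directory. The names resolve_inside, confined_open, OutsideBaseError and the directory layout are hypothetical and constructed for the illustration.

```python
import os
import tempfile

class OutsideBaseError(PermissionError):
    """The requested path resolves outside the allowed base directory."""

def resolve_inside(base_dir, requested):
    """Return the real path of `requested` if it stays under `base_dir`."""
    base = os.path.realpath(base_dir)
    # realpath() collapses ".." and follows symlinks, so the comparison is
    # made on the file that would actually be opened. An absolute
    # `requested` replaces `base` in join() and is then rejected below.
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath() compares whole path components; a plain startswith()
    # would wrongly accept a sibling such as /srv/wiki-backup for /srv/wiki.
    if os.path.commonpath([base, candidate]) != base:
        raise OutsideBaseError(f"{requested!r} is outside {base!r}")
    return candidate

def confined_open(base_dir, requested, mode="r"):
    # In-process check only: there is a window between the check and open().
    return open(resolve_inside(base_dir, requested), mode)

def demo():
    """Build a constructed directory tree and classify sample requests."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "wiki")
        os.makedirs(os.path.join(base, "data"))
        outside = os.path.join(tmp, "secret.txt")
        for path, text in ((os.path.join(base, "data", "FrontPage"), "hello"),
                           (outside, "outside")):
            with open(path, "w") as fh:
                fh.write(text)
        os.symlink(outside, os.path.join(base, "data", "link"))
        for name in ("data/FrontPage", "../secret.txt", "/etc/passwd",
                     "data/link", "../wiki-backup/page"):
            try:
                resolve_inside(base, name)
                results[name] = "allowed"
            except OutsideBaseError:
                results[name] = "denied"
    return results

if __name__ == "__main__":
    print(demo())
```

A check like this only covers code paths that call it, whereas running the server in a chroot, as suggested in the quoted reply, is enforced by the operating system for the whole process.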