LiteSpeed Support Forums

LiteSpeed Support Forums (http://www.litespeedtech.com/support/forum/index.php)
-   CGI/Perl/Python (http://www.litespeedtech.com/support/forum/forumdisplay.php?f=22)
-   -   cgi chroot (http://www.litespeedtech.com/support/forum/showthread.php?t=4737)

subhuti 02-23-2011 10:20 AM
cgi chroot
 
Hello!
I've found interesting information on your website

Quote:
"chroot jail" is to have a CGI script started under an assigned alternative root directory, the script can not access files beyond the new root directory. With it, you no longer need to worry about confidential system files being exposed by vulnerable scripts.
(http://www.litespeedtech.com/docs/webserver/security/)
also
I see interesting options in the litespeed admin console
such as "ExtApp Chroot Mode"
I've changed it to virtualhost root but I was able to access system files from cgi (for example python "print open('/etc/passwd','r').read() )
so I'm trying to figure out what does all this means:
I understand that I can put litespeed server in chroot but how I can put separate cgi script in chroot

mistwang 02-23-2011 10:45 AM
You need to build the jail environment for the script, otherwise, it wont work.
If you want per account chroot, you may have to use Cloud Linux SecureLVE, otherwise, it is pretty hard to maintain the chroot jail. Our 4.0.20 release should support SecureLVE on plain centos.

subhuti 02-23-2011 11:14 AM
Quote:
Originally Posted by mistwang (Post 23925)
You need to build the jail environment for the script, otherwise, it wont work.
If you want per account chroot, you may have to use Cloud Linux SecureLVE, otherwise, it is pretty hard to maintain the chroot jail. Our 4.0.20 release should support SecureLVE on plain centos.
so, in future I have to create SecureLVE with securelve_user <domain_owner> (actually I already use this). Enable virtual host chroot and create document root path like /var/securelve/username/var/www/<vhost.domain.com>/httpdocs/ ?

and what will give this SecureLVE option in litespeed ? what difference between LVE and SecureLVE options ?

webizen 02-24-2011 12:18 PM
LSWS 4.0.20 supports SecureLVE. Just enable SecureLVE in LSWS (Admin Console -> Configuration -> Server -> General -> Enable LVE => SecureLVE). See this (http://www.litespeedtech.com/support...curelve_how_to) for more details

subhuti 02-24-2011 01:11 PM
Quote:
Originally Posted by webizen (Post 23959)
LSWS 4.0.20 supports SecureLVE. Just enable SecureLVE in LSWS (Admin Console -> Configuration -> Server -> General -> Enable LVE => SecureLVE). See this (http://www.litespeedtech.com/support...curelve_how_to) for more details
awesome!
thank you


All times are GMT -7. The time now is 06:50 PM.