cgi chroot

#1
Hello!
I've found interesting information on your website

"chroot jail" is to have a CGI script started under an assigned alternative root directory, the script can not access files beyond the new root directory. With it, you no longer need to worry about confidential system files being exposed by vulnerable scripts.
(http://www.litespeedtech.com/docs/webserver/security/)
also
I see interesting options in the litespeed admin console
such as "ExtApp Chroot Mode"
I've changed it to virtualhost root but I was able to access system files from cgi (for example python "print open('/etc/passwd','r').read() )
so I'm trying to figure out what does all this means:
I understand that I can put litespeed server in chroot but how I can put separate cgi script in chroot
 

mistwang

LiteSpeed Staff
#2
You need to build the jail environment for the script, otherwise, it wont work.
If you want per account chroot, you may have to use Cloud Linux SecureLVE, otherwise, it is pretty hard to maintain the chroot jail. Our 4.0.20 release should support SecureLVE on plain centos.
 
#3
You need to build the jail environment for the script, otherwise, it wont work.
If you want per account chroot, you may have to use Cloud Linux SecureLVE, otherwise, it is pretty hard to maintain the chroot jail. Our 4.0.20 release should support SecureLVE on plain centos.
so, in future I have to create SecureLVE with securelve_user <domain_owner> (actually I already use this). Enable virtual host chroot and create document root path like /var/securelve/username/var/www/<vhost.domain.com>/httpdocs/ ?

and what will give this SecureLVE option in litespeed ? what difference between LVE and SecureLVE options ?
 
Top