by pzb 5602 days ago
You shouldn't need to chroot apache to avoid serving /etc/passwd. I have never worked on a site with chroot'd Apache, and have never run into these kinds of issues.

Are you setting your Apache configuration to only allow reading certain directories?

1 comments

It's not just Apache you need to configure - PHP ignores Apache's directory access configurations entirely; you need open_basedir and preferably something like suPHP.

Disabling shell functions (system, exec, etc.) is also a good idea, unless the application itself requires them (e.g. if the host is too stupid/lazy to have the imagick extension installed and tells you to call /usr/bin/imagick instead...).
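
A check for the two PHP settings named in the reply above, added here as an example and not part of either comment: it reads php.ini text and reports whether `open_basedir` is set and which process-spawning functions are still enabled. The function names `parse_ini` and `audit`, the sample paths, and the functions listed beyond `system` and `exec` are assumptions of this example.

```python
import re

# "system" and "exec" are named in the thread; the others are this example's
# assumption about what "etc." covers (all are real PHP functions).
SHELL_FUNCS = {"system", "exec", "shell_exec", "passthru", "popen", "proc_open"}

def parse_ini(text):
    """Return directive -> value; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip().strip('"')
    return settings

def audit(text):
    """Return a list of findings; an empty list means both controls are set."""
    s = parse_ini(text)
    findings = []
    if not s.get("open_basedir"):
        findings.append("open_basedir is unset: PHP can read any file "
                        "the process user can")
    disabled = {f.strip().lower()
                for f in s.get("disable_functions", "").split(",") if f.strip()}
    missing = sorted(SHELL_FUNCS - disabled)
    if missing:
        findings.append("shell functions still enabled: " + ", ".join(missing))
    return findings

# Constructed sample configurations (paths are placeholders).
WEAK = """
; nothing restricted
open_basedir =
disable_functions =
"""
HARDENED = """
open_basedir = "/var/www/example/:/tmp/"
disable_functions = system, exec, shell_exec, passthru, popen, proc_open
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```
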