mirror of
https://github.com/pissnet/pissircd.git
synced 2025-08-13 13:41:37 +01:00
- Document CHROOTDIR in unreal32docs, reported by Beastie (#0002446).
This commit is contained in:
parent
75bf27a52b
commit
29680132b9
2 changed files with 7 additions and 1 deletions
1
Changes
1
Changes
|
@ -1550,3 +1550,4 @@
|
|||
- CGI:IRC + IPv6: Fixed issue where all cgiirc ipv4 clients were rejected with
|
||||
the message 'Invalid IP address', reported by stskeeps (#0003311), nate
|
||||
(#0003533) and others.
|
||||
- Document CHROOTDIR in unreal32docs, reported by Beastie (#0002446).
|
||||
|
|
|
@ -3482,8 +3482,13 @@ It will however make it more difficult / increase the effort needed to attack/ha
|
|||
There are kernel patches that make it more difficult for stack- and heap-based exploits to
|
||||
work. This is nice, but should not be your main focus point, you have a far more bigger risk
|
||||
of getting exploited through the other points than this... for various reasons.<br>
|
||||
Another option is enabling chrooting (*NIX only), which means upon a succesfull exploit,
|
||||
the user is confined to the UnrealIRCd directory and cannot touch any other
|
||||
files. This requires root privileges, modifying of include/config.h
|
||||
(search for CHROOTDIR, and also set IRC_USER and IRC_GROUP), and a
|
||||
recompile.<br>
|
||||
<br>
|
||||
There's one thing you should do however, which is to ALWAYS USE THE LATEST VERSION,
|
||||
There's one thing you should definately do, which is to ALWAYS USE THE LATEST VERSION,
|
||||
subscribe to the <a href="http://mail1.sourceforge.net/mailman/listinfo/unreal-notify" target="_blank">unreal-notify mailinglist</a>
|
||||
right now so you receive the release announcements (unreal-notify is for release announcements only,
|
||||
so only 1 mail per X months). Usually it's explicitly mentioned in the release announcement if the
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue