[Moin-user] chroot in moinmoin?

Thomas Waldmann tw-public at gmx.de
Wed May 17 07:29:02 EDT 2006

> it is possible to have a "chroot" in a moin moin installation?

Not within moin, but maybe you can do that for the web server calling 
moin or run the Twisted or Standalone server in a chroot.

> Something like the open_basedir() option in php?

moin doesn't execute user code (you have to manually install plugins or 
be superuser to install packages).

Even if moin crashes, it never does "buffer overflows" like software 
written in C/C++, but just gives you a nice python backtrace on screen.

The only critical thing is the python interpreter itself (as it is 
written in C), but security issues are very rare for it.

> I want to secure as much as possible the moin moin installation.

NOT putting data/ under documentroot and NOT having data/ nor the 
MoinMoin code / config readable/writeable by filesystem by non-trusted 
system users is usually enough for that.

More information about the Moin-user mailing list