Re: Virtual Hosting Security
From: Adam Maloney (adamm_at_sihope.com)
Date: 07/29/03
- Previous message: Dave [Hawk-Systems]: "RE: using SSH to execute commands on remote servers as different user"
- In reply to: Marco Gonçalves: "Virtual Hosting Security"
- Next in thread: Jez Han***: "Re: Virtual Hosting Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 29 Jul 2003 12:43:15 -0500 (CDT) To: Marco Gonçalves <marco@aces.pt>
> the problem is that we offer php4 as a mod_php4 for Apache and even
> though we didnt had (yet) no problem in theory is ease to set up a php
> script using filesystem functions to run, list and view file contents
> of other users...cause the script is runing as www user and this user
> has permissions to enter/read all users www directory.... how can i
> fix this? must i use suexec? does it run properly? do i have to put
> php as cgi only? what is the tradeoff in performance?
Last I checked into it, running it as CGI with suexec was the only "safe"
way to do it (although I think you can disable some of the dangerous
functions). I haven't looked into it in awhile though, so maybe this has
been addressed.
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Dave [Hawk-Systems]: "RE: using SSH to execute commands on remote servers as different user"
- In reply to: Marco Gonçalves: "Virtual Hosting Security"
- Next in thread: Jez Han***: "Re: Virtual Hosting Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
