Re: Document the bug fix policy regarding PHP Safe Mode

To: debian-security@lists.debian.org
Subject: Re: Document the bug fix policy regarding PHP Safe Mode
From: Andreas Gredler <jimmy@g-tec.co.at>
Date: Thu, 14 Jul 2005 13:53:01 +0200
Message-id: <[🔎] 20050714115301.GA29688@ultimate>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 87slyipngi.fsf@deneb.enyo.de>
References: <[🔎] 87slyipngi.fsf@deneb.enyo.de>

On Wed, Jul 13, 2005 at 08:31:25PM +0200, Florian Weimer wrote:
 
> <h2>Alternatives</h2>
> 
> <p>Most large ISPs who run customer PHP scripts on shared hosting
> servers do not use <code>mod_php</code> (or other forms of direct
> integration into a web server), but use the CGI version of PHP, <a
> href="http://httpd.apache.org/docs/suexec.html";>suEXEC</a>, and a
> different user account for each customer and proper permissions.  This
> way, the operating system enforces the usual restrictions.</p>

Is there a security related difference between running suexec and
running mod_php with suphp?

greets Jimmy

-- 
                 Andreas "Jimmy" Gredler 
   ,'"`.         http://www.g-tec.co.at/ | jimmy@g-tec.co.at
  (  grml.org -» Linux for texttool-users and sysadmins
   `._,          http://www.grml.org/    | jimmy@grml.org

Reply to:

Follow-Ups:
- Re: Document the bug fix policy regarding PHP Safe Mode
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Document the bug fix policy regarding PHP Safe Mode
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: [SECURITY] [DSA 746-1] New packages fix remote command execution in phpgroupware
Next by Date: Re: Document the bug fix policy regarding PHP Safe Mode
Previous by thread: Document the bug fix policy regarding PHP Safe Mode
Next by thread: Re: Document the bug fix policy regarding PHP Safe Mode
Index(es):
- Date
- Thread