
Re: [d-security] Apache Virtual Hosts Chroot ?


On Tue, Feb 25, 2003 at 10:15:15AM +0100, debian-isp wrote:
> - chrooting virtual hosts in apache ? 

We had great success with a tiny tool called sbox. All CGI/PHP requests
are rewritten to "/cgi-bin/sbox?...". This sbox then looks
at the file's owner and changes its uid to that one (if it's != 0).
It also chroots to the DocumentRoot.

As PHP is run as CGI as well, everything except plain .html is executed with 
the uid of the ftp root's owner.
This is by far the most secure (PHP-capable) setup I know. Except
user-mode-linux maybe :)

Some limitations: 
 - .shtml and some .htaccess options are not allowed, but you can
   live without them.
 - PHP will be slower of course but fast hardware is cheap enough.



P.S.: Look at the archives, we have had this discussion several times now.
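
Added example, not part of the original message and not sbox's own code: a minimal C wrapper showing the order of operations the post describes (chroot to the DocumentRoot, look up the script's owner, refuse uid 0, then drop to that owner). The names `owner_to_assume` and `drop_to` are hypothetical, and every check other than uid != 0 is an assumption of this sketch.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* chroot(), setgroups() on glibc */
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Decide which uid/gid to assume for a script. Returns 0 and fills uid/gid,
 * or -1 to refuse. Only the uid != 0 rule comes from the post; the other
 * checks are assumptions of this sketch. */
int owner_to_assume(const struct stat *st, uid_t *uid, gid_t *gid)
{
    if (!S_ISREG(st->st_mode)) return -1;               /* regular files only */
    if (st->st_uid == 0 || st->st_gid == 0) return -1;  /* never run as root */
    if (st->st_mode & S_IWOTH) return -1;               /* anyone could have edited it */
    *uid = st->st_uid;
    *gid = st->st_gid;
    return 0;
}

/* Drop root for good. Groups and gid must change before the uid: once
 * setuid() succeeds the process may no longer change them. */
int drop_to(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) return -1;
    if (setgroups(1, &gid) != 0) return -2;  /* clear root's supplementary groups */
    if (setgid(gid) != 0) return -3;
    if (setuid(uid) != 0) return -4;
    if (setuid(0) == 0) return -5;           /* regaining root must fail */
    return 0;
}

/* usage (as root): wrapper <docroot> </path/inside/docroot/script> */
int main(int argc, char **argv)
{
    struct stat st;
    uid_t uid;
    gid_t gid;
    if (argc != 3) return 2;
    /* chroot() needs root, so confine first; chdir keeps the cwd inside the jail. */
    if (chdir(argv[1]) != 0 || chroot(".") != 0) { perror("chroot"); return 1; }
    if (stat(argv[2], &st) != 0 || owner_to_assume(&st, &uid, &gid) != 0) return 1;
    if (drop_to(uid, gid) != 0) return 1;
    execv(argv[2], &argv[2]);                /* returns only on failure */
    perror("execv");
    return 1;
}
```

Because the exec happens inside the jail, any interpreter and libraries the script needs must exist under the DocumentRoot.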
