Shri Shrikumar wrote:
On Fri, 2004-03-19 at 08:11, Arkadiusz Miskiewicz wrote:The interesting thing is that no one works on fixing perchild MPM in apache2 that would allow to use standard mod_php in secure way :/It would be great if someone get paid to fix that once for all.I wonder if you could fill me in on the details or point me to the right web pages. I am interested in two issues
I assume you're talking about fixing perchild MPM here.
* How difficult is it to do? (est Man hours would be useful too)
I have no idea, but it could involve changing the apache source code. It's not just a matter of configuration files.
* What are the benefits?
It would mean that the proces reading, serving and executing the webpages has the same userid than the creator (the user) of those pages. It eliminates quite a few security issues in a fundamental way.
Also, it would mean that for instance mod_php and (fast)cgi/php can compare directly in terms of security, so the administrator has more freedom to weight speed and design philosophy against one another.
-- Greetings Joris joris@linux.be