[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mod_php vs fastcgi/php speed

On Fri, Mar 19, 2004 at 04:22:27PM +0100, Arkadiusz Miskiewicz wrote:
> Right now running apache and having multiple virtual hosts for multiple 
> clients is not secure. Each client can look into others *.php, *.inc files, 
> read for example database passwords from these files etc.

suexec is meant to improve the situation, though it has proven
quote inflexible for my purposes.  I have written a suexec
compatible wrapper called csux that allows for, for example,
specifying a different execution uid than the program's owner.
(suexec runs everything with the uid of owner, unless you're
using virtual hosts which you can't if you're communicating over
https...).  I think it's an important security gain, because this
way a c****y PHP script won't be able to read/write arbitrary
files in its web repository.


   Seven deadly sins | 1024D/37B8D989           | Seven signs
 Seven gates to hell | 954B 998A E5F5 BA2A 3622 | Seven lies
 Seven world wonders | 82DD 54C2 843D 37B8 D989 | Seven days
Seven years bad luck | http://sks.dnsalias.net  | Seven dreams

Reply to: