Re: advice request for shared hosting and security issue

To: debian-isp@lists.debian.org
Subject: Re: advice request for shared hosting and security issue
From: Thomas Goirand <zigo@debian.org>
Date: Mon, 24 Jun 2013 22:38:00 +0800
Message-id: <[🔎] 51C859C8.1050503@debian.org>
In-reply-to: <[🔎] CAKtWOTRUBXq32ucWjnm5AtQGj4z3zpenCbOrqxJChFNr7sxgtA@mail.gmail.com>
References: <[🔎] CAKtWOTRPSoKEM3YTGqLFjkyW68rWLwsv5Ri0KmVLLiGLix0BMQ@mail.gmail.com> <12847189.12184.1371990724007.JavaMail.mobile-sync@iepx8> <-7365347615266111194@unknownmsgid> <[🔎] CAKtWOTRUBXq32ucWjnm5AtQGj4z3zpenCbOrqxJChFNr7sxgtA@mail.gmail.com>

On 06/24/2013 02:14 PM, Oğuz Yarımtepe wrote:
> 
> 
> 
> On Mon, Jun 24, 2013 at 12:37 AM, Darryl Ware <darryl.ware@gmail.com
> <mailto:darryl.ware@gmail.com>> wrote:
> 
>     Would apparmor be of any use in this instance?
> 
> 
> I solved this isseu by completely removing php-fpm and fastcgi and just
> using mod_php. Added php_admin_value open_basedir path fr each vhost.

Great, you now have a security hole, using a deprecated directive, which
is removed in the current stable version of PHP!

> Everything is fine for now.

Until a hacker has a go with your server...

Thomas

Reply to:

Follow-Ups:
- Re: advice request for shared hosting and security issue
  - From: Matus UHLAR - fantomas <uhlar@fantomas.sk>

References:
- advice request for shared hosting and security issue
  - From: Oğuz Yarımtepe <oguzyarimtepe@gmail.com>
- Re: advice request for shared hosting and security issue
  - From: Darryl Ware <darryl.ware@gmail.com>
- Re: advice request for shared hosting and security issue
  - From: Oğuz Yarımtepe <oguzyarimtepe@gmail.com>

Prev by Date: Re: advice request for shared hosting and security issue
Next by Date: Re: advice request for shared hosting and security issue
Previous by thread: Re: advice request for shared hosting and security issue
Next by thread: Re: advice request for shared hosting and security issue
Index(es):
- Date
- Thread