[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: advice request for shared hosting and security issue

On 06/24/2013 11:29 PM, Matus UHLAR - fantomas wrote:
>> On 06/24/2013 02:14 PM, Oğuz Yarımtepe wrote:
>>> I solved this isseu by completely removing php-fpm and fastcgi and just
>>> using mod_php. Added php_admin_value open_basedir path fr each vhost.
> 
> On 24.06.13 22:38, Thomas Goirand wrote:
>> Great, you now have a security hole, using a deprecated directive, which
>> is removed in the current stable version of PHP!
> 
> When was open_basedir deprecated? I see that safe_mode is deprecated, but
> not the open_basedir...

Ok, probably not. However, open_basedir is *not* something that is
useful in terms of security. Libraries which can be called by PHP still
have access to the full of the filesystem. So yes, you'd be restricting
includes, but that's it, and this is not enough. The solution is a full
chroot for each vhost.

Thomas
Reply to: