[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Many Virtual Hosts security problem with PHP

I have a machine with many virtual hosts. Some of the virtual hosts are
maintained by clients (we serve as web hosting company) and some are
The external accounts are loked out of the main fylesystem using proftpd
chroot feature and by having /dev/null as the shell.
My problem is that even that way users of the external group can use php's
fopen() to open other files. And in a php/mysql enviroment is not hard to
find files with database login/password. If i had lots of IP's i could run
several copies of apache each one on it's ip and one for each external
client, i would run it with the clients group and that way i could lock each
one out of the others account. The problem is that i dont have lots of ip's,
any ideas on how to solve this?

Gustavo Felisberto

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: