[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache + PHP and user permissions


StarK wrote:
> What kind of security can I use to avoid this ? Can we chroot the PHP
> (Yes I know it's a strange sentence :) ?

i know two useable solutions:

1. care about every service:

use SuEXEC for CGIs, Safe Mode for PHP, a good directory and right

2. chroot everything
just chroot the users at the login after ssh (if you want to allow ssh),
chroot apache (that means every user must have one apache-process), chroot
ftp (what you have already done).


To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: