On Tue, Jul 23, 2002 at 03:31:20PM +0200, Ralf Dreibrodt wrote:
> > What kind of security can I use to avoid this ? Can we chroot the PHP
> > (Yes I know it's a strange sentence :) ?
>
> 1. care about every service:
>
> use SuEXEC for CGIs, Safe Mode for PHP, a good directory and right
> structure.

A much better approach is using the "sbox" tool to not only chroot php but
every CGI binary (php will then be a cgi, too). It has the additional benefit
of having a unique UID for every user that runs php/cgi processes so users
can no longer play "killall -9" to shoot each other up...

> 2. chroot everything
> just chroot the users at the login after ssh (if you want to allow ssh),
> chroot apache (that means every user must have one apache-process), chroot
> ftp (what you have already done).

This will be a great loss of performance and a waste of server resources :-)

bye,

-christian-

--
Christian Hammers
WESTEND GmbH - Aachen and Dueren
Tel 0241/701333-0
Fax 0241/911879
[EMAIL PROTECTED]
Internet & Security for Professionals
WESTEND is a CISCO Systems Partner - Authorized Reseller
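
The chroot-plus-unique-UID confinement the reply recommends for CGI and PHP, as an added example that is not part of the original message and is not sbox's code. The jail path, the UID/GID values, `MIN_UID` and the function name `enter_jail` are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MIN_UID 1000   /* assumption: lower UIDs are system accounts */

/* Confine the calling process to `jail` and switch to the site owner's
 * uid/gid. Returns 0 on success, -2 if the target identity is refused,
 * -1 if a system call fails. On any non-zero result the caller must exit. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    /* Never run a user's script as root or as a system account. */
    if (uid < MIN_UID || gid == 0)
        return -2;
    /* chroot() needs root, so it has to happen before the uid change. */
    if (chroot(jail) != 0)
        return -1;
    /* Without chdir("/") the old working directory stays reachable. */
    if (chdir("/") != 0)
        return -1;
    /* Order matters: supplementary groups, then gid, then uid. Once the
     * uid is dropped the process may no longer change its groups. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Confirm the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -1;
    /* From here on kill(2) only reaches processes with this same uid,
     * so one user's scripts cannot signal another user's. */
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed values; a real wrapper derives them from the script owner. */
    if (argc < 2 || enter_jail("/srv/jail/alice", 2001, 2001) != 0) {
        fprintf(stderr, "refusing to run CGI outside the jail\n");
        return 1;
    }
    execv(argv[1], &argv[1]);   /* path is resolved inside the jail */
    return 1;
}
```

The wrapper has to start as root (for example as a setuid-root binary) for `chroot()` to succeed, and the interpreter and its libraries must exist inside the jail.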