Really?  Take anything that runs through CGI.  I can turn on suexec
for it and it will function the same plus it will run as the user and
that gives me more benefits.  But the architecture of how it runs is
100% secure, putting aside any vulnerabilities in the code that come up.

It's what I call OS approach, since it bases itself on user ID for security, and on OS to check user ID. So, what prevents you from running PHP as CGI/suexec without safe mode?

  No, this is the wrong way to approach the problem.  With hundreds of
users, all doing different things, there is a strong possibility that
I'll have to maintain such SELinux or apparmor rules for each user's
website.  That's rediculous.  A secure server should be something that

Sorry if there's no adequate solution for your particular case on the market. But that doesn't mean PHP should try to become AppArmor or SELinux.

  No more high-level than Perl.  What's the difference?  The real

The difference is, last that I heard Perl has no safe mode. perl has taint mode which is very different and maybe - if somebody succeeds in doing that - can be done in PHP too.

writing this a user wrote me about their wordpress site being hacked.
Now that may have been a Wordpress known vulnerability, but it doesn't
matter, without safe_mode on, it could have been worse.

Since safe mode never really provided secure environment, I don't see how it would be worse.

  ???  What do you mean?  I talked with Ryan Bloom about this at Apache
Con 2000 and he said that with Apache 2.0, modules would be able to run

There's a difference between "would be able to" and "works". For now, Apache docs say:
http://httpd.apache.org/docs/2.2/mod/mpm_common.html#user
The User directive sets the user ID as which the server will answer requests
/.../
Special note: Use of this directive in <VirtualHost> is no longer supported. To configure your server for suexec use SuexecUserGroup.

perchild MPM in 2.0 docs says:

This module is not functional. Development of this module is not complete and is not currently active. Do not use perchild unless you are a programmer willing to help fix it.

code with the permissions of the user assigned to each vhost.  I asked
about the prospect of PHP being able to utilize this and he said its
possible, but I got the impression that the PHP devs where not
interested.

We would be very interested to see Apache implementing this capability, but as I understand it never worked stable in 2.0 and was removed in 2.2.
--
Stanislav Malyshev, Zend Software Architect
[EMAIL PROTECTED]   http://www.zend.com/
(408)253-8829   MSN: [EMAIL PROTECTED]

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to