Hello there.
I have apache running php-cgi via fastcgi and suexec on a shared system.
Each vhost has a SuexecUserGroup set to the user/group of normal system
account ( which does not have shell access ) which owns the vhost.
Now. I was wondering what the best way of using MAC/ACL's to stop a
uid:gid ( Suexec user/group ) from being able to run anything other than
what php has to use, eg, so from php it cannot run system("ls /etc") or
such like.
Anyone done this before?
It seems to be that not many people seem to care about php security on a
shared host.
Any comments at all would be appriciated.
Cheers, Josh
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"