Hi all,
I'm sure this stuff is pretty old for you, but since the mailing list 
archive ain't searchable, I'm not able to find a thread about it. So, any 
"RTFM here http://..." is actually appreciated too!!


I'm trying to secure a shared webhost, so I basically need:

1) Each website must be able to read/include only in its own directory

2) Nobody has to be able to load a <?php exec('evilscript.php.sh'); ?>


I managed to have suPHP up and running, but:

1) A script <?php echo readfile('/etc/passwd'); ?> works, since 'passwd' 
has to be world-readable

2) exec() functions aren't disabled


For the moment, I fell back to PHP + open_basedir + disabled_function... 
but I'd truly like to have the ability to run PHP as different 
users provided by suPHP!

Thanks for your replies,

--
Dr. Gianluigi Zanettini - http://www.megalab.it

_______________________________________________
suPHP mailing list
suPHP@lists.marsching.com
https://lists.marsching.com/mailman/listinfo/suphp
