lighttpd is a worthy suggestion. It will probably take a day or two on
a sandbox to consider the ramifications.

My hosting control system is highly dependent on apache. I also use
XAMPP for my MS clients.

The problem is not privilege escalation but the ability to run
arbitrary code. At this moment PHP is the object of my concern. I've
managed to plug the shell-like holes (I think) and I am looking for a
means to jail virtual users in their user space.

Jim Tarvid

On 3/26/07, Soren Hansen <[EMAIL PROTECTED]> wrote:
> On Mon, Mar 26, 2007 at 10:15:28AM -0400, Jim Tarvid wrote:
> > I use Ubuntu on both shared and dedicated servers. The shared servers
> > offer special security challenges. I've been working through php
> > security on a shared server and it is a nightmare. The paranoid
> > php.ini is useful as an example of what can be done but without some
> > compromise, PHP websites will break.
>
> I can recommend lighttpd with a per user fastCGI php process (apache can
> do FastCGI, too, but I believe there are license implications of some
> sort).  That way, each user's stuff is run as the user and hence many of
> the security implications of PHP are gone. Oh, and it's really fast,
> too. :-)
>
> --
> | Soren Hansen    | Linux2Go                  | http://Linux2Go.dk/ |
> | Seniorkonsulent | Lindholmsvej 42, 2. TH    | +45 46 90 26 42     |
> | [EMAIL PROTECTED]  | 9400 Norresundby, Denmark | GPG key: E8BDA4E3   |
>
> --
> ubuntu-server mailing list
> ubuntu-server@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
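The per-user FastCGI arrangement suggested in the quoted reply can be checked from the process table. The following is an added example, not part of the original thread: it flags PHP workers that run under a shared account or under another customer's account instead of the site owner. The host names, accounts, socket paths and the shared-account list are constructed assumptions.

```python
# Assumption: accounts that are shared across sites on this server.
SHARED = {"root", "www-data", "nobody"}
# Constructed: vhost -> (account owning the site, socket its worker binds with -b)
VHOSTS = {
    "alice.example.com": ("alice", "/var/run/php/alice.sock"),
    "bob.example.com": ("bob", "/var/run/php/bob.sock"),
    "carol.example.com": ("carol", "/var/run/php/carol.sock"),
    "dave.example.com": ("dave", "/var/run/php/dave.sock"),
}

# Constructed lines in `ps -eo user,pid,args` layout.
PS_SAMPLE = """\
alice     2101 /usr/bin/php-cgi -b /var/run/php/alice.sock
www-data  2102 /usr/bin/php-cgi -b /var/run/php/bob.sock
alice     2103 /usr/bin/php-cgi -b /var/run/php/carol.sock
www-data  1999 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
"""

def parse_workers(ps_text):
    """Return {socket path: set of accounts running php-cgi bound to it}."""
    workers = {}
    for line in ps_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or not parts[2].endswith("php-cgi"):
            continue
        args = parts[3:]
        if "-b" in args[:-1]:
            sock = args[args.index("-b") + 1]
            workers.setdefault(sock, set()).add(parts[0])
    return workers

def audit(ps_text, vhosts):
    """Classify each vhost: ok, shared-account, wrong-user or no-worker."""
    workers = parse_workers(ps_text)
    findings = {}
    for host, (owner, sock) in vhosts.items():
        users = workers.get(sock, set())
        if not users:
            findings[host] = "no-worker"
        elif users & SHARED:
            findings[host] = "shared-account"
        elif users != {owner}:
            findings[host] = "wrong-user"
        else:
            findings[host] = "ok"
    return findings

if __name__ == "__main__":
    print(audit(PS_SAMPLE, VHOSTS))
```

On a live host, `PS_SAMPLE` would be replaced by the output of `ps -eo user,pid,args` and `VHOSTS` by the hosting control system's own site-to-account mapping.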