You make a good case. ISPConfig is planning on building on lighttpd. Maybe the VHCS Omega people will as well.
Maybe arbitrary code execution in your own space is enough. Jim Tarvid On 3/26/07, Soren Hansen <[EMAIL PROTECTED]> wrote: > On Mon, Mar 26, 2007 at 11:26:06AM -0400, Jim Tarvid wrote: > >> I can recommend lighttpd with a per user fastCGI php process > > The problem is not privilege escalation but the ability to run > > arbitrary code. > [..] > > I am looking for a means to jail virtual users in their user apace. > > Confining users to their own space (as dictated by the host system) is > exactly the problem lighttpd with per-user FastCGI PHP processes solves. > > When the user has been jailed in like that, the implications of > executing arbitrary code is also brought down to a minimum which is > important as I have yet to see a solution that provides the proper > balance between limiting which function calls are available to PHP while > still allowing most interesting software to run without having to make > all sorts of exceptions. > > -- > | Soren Hansen | Linux2Go | http://Linux2Go.dk/ | > | Seniorkonsulent | Lindholmsvej 42, 2. TH | +45 46 90 26 42 | > | [EMAIL PROTECTED] | 9400 Norresundby, Denmark | GPG key: E8BDA4E3 | > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (GNU/Linux) > > iD8DBQFGB++SonjfXui9pOMRAqQsAJ9HUStUs/8rwQWXQk0svHD4Aa9EVQCeMPqE > YlKFxHASPXMxOtBZ2bzBxRg= > =Tb9r > -----END PGP SIGNATURE----- > > -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server