On Sun, 6 Mar 2011 22:43:36 +0000 (UTC) aaron...@comcast.net wrote: > I could jail the www-data account but this would not prevent one virtual host > from seeing another using a phpshell since they would be in the same jail.
Yep. Virtualhosts aren't designed for that level of security. You forgot to tell us what platform you're on. You have one suggestion based on FastCGI, and one I've never heard of based on selinux. Two simpler alternatives are CGI with suexec (which is cross-platform) or mod_privileges (for Solaris). -- Nick Kew Available for work, contract or permanent. http://www.webthing.com/~nick/cv.html --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
