#ubuntu-server IRC channel
Soren Hansen
sh at linux2go.dk
Mon Mar 26 16:06:43 UTC 2007
On Mon, Mar 26, 2007 at 11:26:06AM -0400, Jim Tarvid wrote:
>> I can recommend lighttpd with a per user fastCGI php process
> The problem is not privilege escalation but the ability to run
> arbitrary code.
[..]
> I am looking for a means to jail virtual users in their user apace.
Confining users to their own space (as dictated by the host system) is
exactly the problem lighttpd with per-user FastCGI PHP processes solves.
When the user has been jailed in like that, the implications of
executing arbitrary code is also brought down to a minimum which is
important as I have yet to see a solution that provides the proper
balance between limiting which function calls are available to PHP while
still allowing most interesting software to run without having to make
all sorts of exceptions.
--
| Soren Hansen | Linux2Go | http://Linux2Go.dk/ |
| Seniorkonsulent | Lindholmsvej 42, 2. TH | +45 46 90 26 42 |
| sh at linux2go.dk | 9400 Norresundby, Denmark | GPG key: E8BDA4E3 |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20070326/b5474dd5/attachment.pgp>
More information about the ubuntu-server
mailing list