On Mon, Dec 13, 2004 at 01:44:41PM +0200, Boris Pavlov wrote:
>
> limit with php opendir. make another tmp directory, and set php temp dir,
> with all permissions you want. limit the system function, if you don't need
> it. they are per-vhost apache settings, check the manuals.
>

I run apache using dchroot to avoid the most common problems. Breaking a
chroot is possible, but not so easy, and it's more difficult within dchroot,
which _should_ drop privileges properly AFAIK. I do that commonly for hosting
services where users can run their own php and cgi scripts. That cannot avoid
creating shell services, surely, but avoids password cracking, use of cron,
access to kernel modules and log files, and so on.

-- 
Francesco P. Lovergine