On Fri, Mar 19, 2004 at 04:22:27PM +0100, Arkadiusz Miskiewicz wrote:
>
> Right now running apache and having multiple virtual hosts for multiple
> clients is not secure. Each client can look into others *.php, *.inc files,
> read for example database passwords from these files etc.

suexec is meant to improve the situation, though it has proven quite inflexible for my purposes. I have written a suexec compatible wrapper called csux that allows for, for example, specifying a different execution uid than the program's owner. (suexec runs everything with the uid of owner, unless you're using virtual hosts which you can't if you're communicating over https...). I think it's an important security gain, because this way a c****y PHP script won't be able to read/write arbitrary files in its web repository.

bit,
adam

-- 
Seven deadly sins    | 1024D/37B8D989           | Seven signs
Seven gates to hell  | 954B 998A E5F5 BA2A 3622 | Seven lies
Seven world wonders  | 82DD 54C2 843D 37B8 D989 | Seven days
Seven years bad luck | http://sks.dnsalias.net  | Seven dreams
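
The three execution models discussed in this thread, compared with a small model of the POSIX owner/group/other permission check. This is an added example, not part of the original message and not csux or suexec code; every uid, gid, path and mode in it is constructed for illustration.

```python
import stat
from collections import namedtuple

# All uids, gids, paths and modes below are constructed for illustration.
File = namedtuple("File", "path uid gid mode")

def allowed(f, uid, gids, want):
    """POSIX class selection: owner bits if uid matches, else group bits,
    else other bits. Root, ACLs and directory traversal are out of scope."""
    owner, group, other = {
        "r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
        "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    }[want]
    if uid == f.uid:
        return bool(f.mode & owner)
    if f.gid in gids:
        return bool(f.mode & group)
    return bool(f.mode & other)

def access_map(files, uid, gids=frozenset()):
    """Return {path: 'rw' | 'r-' | '-w' | '--'} for one execution identity."""
    return {f.path: ("r" if allowed(f, uid, gids, "r") else "-")
                  + ("w" if allowed(f, uid, gids, "w") else "-")
            for f in files}

APACHE, ALICE, BOB, ALICE_CGI, ALICE_WEB = 33, 1001, 1002, 2001, 3001

# 1. One shared server uid: files must be world-readable for the server.
SHARED = [File("alice/db.inc", ALICE, ALICE, 0o644),
          File("bob/db.inc", BOB, BOB, 0o644)]
# 2. suexec-style: scripts run as the file owner, so 0600 is enough.
OWNER = [File("alice/db.inc", ALICE, ALICE, 0o600),
         File("alice/index.php", ALICE, ALICE, 0o600),
         File("bob/db.inc", BOB, BOB, 0o600)]
# 3. Separate execution uid: owner grants read via a group, write only to uploads.
SPLIT = [File("alice/db.inc", ALICE, ALICE_WEB, 0o640),
         File("alice/index.php", ALICE, ALICE_WEB, 0o640),
         File("alice/uploads", ALICE, ALICE_WEB, 0o770),
         File("bob/db.inc", BOB, BOB, 0o600)]

if __name__ == "__main__":
    for label, files, uid, gids in [
        ("shared uid, any client's script", SHARED, APACHE, set()),
        ("owner uid, alice's script", OWNER, ALICE, {ALICE}),
        ("separate uid, alice's script", SPLIT, ALICE_CGI, {ALICE_WEB}),
    ]:
        print(label, access_map(files, uid, gids))
```

With a shared uid every script can read every client's `db.inc`; running as the owner closes that off but leaves the script able to rewrite its own repository; a separate execution uid leaves only the paths the owner has opened to it.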