On Mon, 2010-07-12 at 15:35 +0200, Reindl Harald wrote:
> On 12.07.2010 15:29, Rasmus Lerdorf wrote:
> > Even for small sites, you can get your own VM from Rackspace
> > Cloud for about $10/month or from linode or any number of providers
> > where you are not sharing your PHP environment with anyone.
> >
> > -Rasmus
>
> This is no argument because most environments are shared because
> you can not install 400 virtual machines for 400 small domains,
> somebody has to update them all....

Still you shouldn't run purely in a mod_php+vhost configuration, PHP tries to do a lot (safe_mode, open_basedir, ...) to limit the possibilities but in the end every vhost customer can run arbitrary code and we can try our best but there will always be issues where our protection won't work. The only place where such protections work is at OS level where you can make use of suphp-like tools or so. As PHP links to tons of external libs which aren't meant to be "secured" in the way needed there will always be vectors - vectors PHP can't fix. (just check possible glibc buffer overflows where we can only provide artificial limits ...) The only working protection is done by the operating system and a layer inside the application trying to do this is doomed to fail. PHP tries to prevent mistakes from being exploited but somebody who can execute arbitrary code and wants to bypass PHP's protection system will always find a way.

> The price for a v-server is also no argument because you can
> not recommend that every NOOB buys a virtual server because
> this is really really dangerous if he has no skills for
> holding it up to date and secure

Well, it is dangerous, too, if he runs a PHP application and doesn't keep it up to date and secure either.

johannes

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php