Re: [PHP] Securing suexec PHP against local attacks by the webserver user

2009-02-09 Thread Jochem Maas
Andrew wrote:
> Jochem Maas wrote:
>> Andrew wrote:
>>> Hi,
>>> As an example of the attack...
>>> $ whoami
>>> www-data
>> isn't the whole point of suexec/PHP/FastCGI that the local user
>> has no access to the www-data account ... suexec switch

Re: [PHP] Securing suexec PHP against local attacks by the webserver user

2009-02-09 Thread Andrew
Jochem Maas wrote:
> Andrew wrote:
>> Hi,
>> As an example of the attack...
>> $ whoami
>> www-data
> isn't the whole point of suexec/PHP/FastCGI that the local user has no access to the www-data account ... suexec switches to the user's account from the webserver account not the ot

Re: [PHP] Securing suexec PHP against local attacks by the webserver user

2009-02-09 Thread Jochem Maas
Andrew wrote:
> Hi,
> As an example of the attack...
> $ whoami
> www-data

isn't the whole point of suexec/PHP/FastCGI that the local user has no access to the www-data account ... suexec switches to the user's account from the webserver account not the other way around. so the atta

[PHP] Securing suexec PHP against local attacks by the webserver user

2009-02-09 Thread Andrew
Hi, I am trying to set up a site which can run securely on a shared hosting environment where users have a choice of running PHP scripts using suexec and FastCGI, or using mod_php and running the scripts as the same user as the webserver. My scripts need to read a local file with the databas