Date: Thu, 12 Jul 2007 19:13:13 +1200
From: Josh <bsd@kajs.co.nz>
To: freebsd-questions@freebsd.org
Subject: ACL/MAC for shared host
Message-ID: <4695D489.8050607@kajs.co.nz>

Hello there.
I have apache running php-cgi via fastcgi and suexec on a shared system.
Each vhost has a SuexecUserGroup set to the user/group of a normal system
account (which does not have shell access) which owns the vhost.
Now. I was wondering what the best way of using MAC/ACLs to stop a
uid:gid (Suexec user/group) from being able to run anything other than
what php has to use, e.g. so from php it cannot run system("ls /etc") or
suchlike.
Anyone done this before?
It seems to be that not many people seem to care about php security on a
shared host.
Any comments at all would be appreciated.
Cheers, Josh
