Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 12 Jul 2007 19:13:13 +1200
From:      Josh <bsd@kajs.co.nz>
To:        freebsd-questions@freebsd.org
Subject:   ACL/MAC for shared host
Message-ID:  <4695D489.8050607@kajs.co.nz>

Next in thread | Raw E-Mail | Index | Archive | Help
Hello there.

I have apache running php-cgi via fastcgi and suexec on a shared system. 
Each vhost has a SuexecUserGroup set to the user/group of normal system 
account ( which does not have shell access ) which owns the vhost.

Now. I was wondering what the best way of using MAC/ACL's to stop a 
uid:gid ( Suexec user/group ) from being able to run anything other than 
what php has to use, eg, so from php it cannot run system("ls /etc") or 
such like.

Anyone done this before?

It seems to be that not many people seem to care about php security on a 
shared host.

Any comments at all would be appriciated.

Cheers, Josh




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4695D489.8050607>