Hi to everyone,

Working for an ISP with a few mass-hosting servers (a couple thousand domains), I'm currently trying to find solutions to some of the security problems this scenario entails.

One being how to set up a secure environment that involves PHP or other modules where suexec doesn't work. The solution struck me as being easy, but it seems so obvious that I may have missed something important, so please comment.

Idea: On handling a file, setuid() to owner of file. On closing connection, re-engage original uid (nobody, apache, www-data, whatever it is). PHP will run under user's UID, other users are safe. This would be maybe 10 lines of code.

It can't be that easy, can it? What am I missing?

Tom Vogt
Hansenet Webfarm Security
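
The uid switching proposed in the message above, modelled as an added example that is not part of the original post: it simulates the POSIX real/effective/saved uid rules for setuid() and seteuid() so that it runs without root. The uid values and all function names are constructed for illustration.

```c
#include <stdio.h>

/* Constructed model of POSIX process credentials: real, effective, saved uid. */
struct cred { unsigned ruid, euid, suid; };

/* setuid(2) rules: a privileged caller (euid 0) changes all three ids;
   an unprivileged caller may only set euid to its real or saved uid. */
static int model_setuid(struct cred *c, unsigned uid) {
    if (c->euid == 0) { c->ruid = c->euid = c->suid = uid; return 0; }
    if (uid == c->ruid || uid == c->suid) { c->euid = uid; return 0; }
    return -1; /* EPERM */
}

/* seteuid(2) rules: only the effective uid changes; real and saved stay. */
static int model_seteuid(struct cred *c, unsigned uid) {
    if (c->euid == 0 || uid == c->ruid || uid == c->suid) { c->euid = uid; return 0; }
    return -1; /* EPERM */
}

enum { ROOT = 0, WWW = 33, OWNER = 1001 }; /* constructed uids */

/* Variant A: the worker already runs as the unprivileged server user
   (assumed here) and tries to become the file owner. */
int switch_from_unprivileged(void) {
    struct cred c = { WWW, WWW, WWW };
    return model_setuid(&c, OWNER);
}

/* Variant B: the worker is root and uses setuid(); result of switching back. */
int switch_back_after_setuid(void) {
    struct cred c = { ROOT, ROOT, ROOT };
    model_setuid(&c, OWNER);
    return model_setuid(&c, WWW);
}

/* Variant C: the worker is root and uses seteuid() so it can switch back;
   returns 1 if any code in the same process can restore euid 0. */
int script_can_regain_root(void) {
    struct cred c = { ROOT, ROOT, ROOT };
    model_seteuid(&c, OWNER);
    return model_seteuid(&c, ROOT) == 0 && c.euid == ROOT;
}

int main(void) {
    printf("A: setuid(owner) as www user      -> %d\n", switch_from_unprivileged());
    printf("B: setuid(www) after setuid(owner) -> %d\n", switch_back_after_setuid());
    printf("C: in-process code regains euid 0  -> %d\n", script_can_regain_root());
    return 0;
}
```

Variants A and B fail with EPERM, and variant C only works because the real and saved uid remain 0, which is available to anything running inside the same process.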
