freeVSD's use of chroot serves to isolate the users of one virtual server
from accessing or manipulating the files of another virtual server, or the
hosting server itself. chroot does not provide any specific benifits for
PERL or PHP.
Consider the situation where you were able to provide a dedicated piece of
hardware for every client who wished to host their web/mail/users with you.
If you properly secured their use of Perl and PHP they would not hose their
server through the use of poorly written scripts. If you properly secured
their server they would not leave themselves wide open to intrusion and
abuse of their server.
freeVSD effectively allows you to place a number of such dedicated servers
on a single piece of hardware. You still need to perform exsactly the same
steps to secure your end users use of Perl/PHP and still need to impose the
same sort of server security. The specific benifit provided by freeVSD is
that you are utilising your hardware to maximum effect... (I won't go into
the security and maintenance advantages of using a standard 'skel' template
for all virtual servers in a server farm, nor the administration tools and
ability to delegate administration control through both virtual server and
virtual domain levels...)
Tim
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Gil Vidals
> Sent: 03 August 2001 19:20
> To: [EMAIL PROTECTED]
> Subject: Re: Securing PERL and PHP sciprts
>
>
> What protection will freeVSD's chroot environment provide with respect to
> running PERL and PHP scripts?
>
> I'm guessing that it will help prevent scripts from accessing
> certain files?
> Can anyone clarify what specific benefits chroot has in terms of running
> PERL and PHP?
>
>
> [EMAIL PROTECTED]
> TruePath, Inc.
> Free Christian Web Hosting
> tel: (760) 480-8791 fax: (760) 480-8271
> http://www.TruePath.com
>
>
>
> ------------------------- The freeVSD Support List
> --------------------------
> Subscribe: mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support
> Unsubscribe:
> mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support
> Archives: http://freevsd.org/support/mail-archives/freevsd-support
> ------------------------------------------------------------------
> -----------
------------------------- The freeVSD Support List --------------------------
Subscribe: mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support
Unsubscribe: mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support
Archives: http://freevsd.org/support/mail-archives/freevsd-support
-----------------------------------------------------------------------------
