On Mon, 11 Mar 2002, mulix wrote:

> On Mon, Mar 11, 2002 at 10:40:03AM +0200, Sagi Bashari wrote:
>
> > You can just give them a chrooted FTP account, set the shell to /bin/false,
> > and disable PHP/CGI for those accounts.
> >
> > That way they'll only be able to upload static content, and not run
> > anything on the server.
>
> is there a way to allow running dynamic content (i think php was
> requested) without jeopardizing the server?

I believe PHP (and other server-side-scripting technologies) run as user
nobody. However, if we have local root exploits open, then it can be
used to gain root access to the machine. Maybe it is possible to limit
the PHP VM to only do what we allow it to do, but one will have to RTFM
about it.

Regards,

        Shlomi Fish

> --
> The ill-formed Orange
> Fails to satisfy the eye:       http://vipe.technion.ac.il/~mulix/
> Segmentation fault.           http://syscalltrack.sf.net/
> ----------------------------------------------------------------------------
> To unsubscribe, send a message to [EMAIL PROTECTED]
> Archives available at http://www.mail-archive.com/[email protected]/

----------------------------------------------------------------------
Shlomi Fish        [EMAIL PROTECTED]
Home Page:         http://t2.technion.ac.il/~shlomif/
Home E-mail:       [EMAIL PROTECTED]

"Let's suppose you have a table with 2^n cups..."
"Wait a second - is n a natural number?"

