On Tue, Jan 23, 2007 at 05:44:38PM +0100, Almir Karic wrote:
> what i would like to achieve is that on a shared host if bad guys (tm)
> break into one site they can't get to other sites.
>
> is this possible? i've been looking at su-exec but it is for cgi
> scripts only :/, what other options there are?
>
> AFAIK chroot is not the correct answer to my question as it protects
> the rest of the system from being exploited if one of the sites gets
> cracked but it can't protect one site from another...
The simple solution is to not allow the web server to write anywhere but
/tmp.
There are other solutions to this problem, including suexec, but the
above is surprisingly easy to pull off.
Joachim
