Hi all, and happy new year ;)
I'm doing some security tests on our servers to check if we could
provide Rivet to our customer.
Alas, it seems there is a big problem: Rivet isn't "jailed" in each
Apache virtual host. For example, it's possible for user
"foo" (running in /home/foo/www) to glob, open, read, delete, etc.
all files owned by user "bar" (in /home/bar/www).
So I wonder if there is something like suexec (for CGI) or safe_mode /
open_basedir (for PHP) for Rivet, to jail (chroot?) it into the virtual
host DocumentRoot?
--
David Zolli
[EMAIL PROTECTED]
http://www.kroc.tk