Hi,
On Tue, 23.01.2007 at 21:45:14 +0100, Joachim Schipper [EMAIL PROTECTED]
wrote:
On Tue, Jan 23, 2007 at 05:44:38PM +0100, Almir Karic wrote:
what i would like to achieve is that on a shared host if bad guys (tm)
break into one site they can't get to other sites.
is this possible?
Toni Mueller wrote:
To me, this currently comes down to using unique user and group ids for
individual web site instances, and then chroot each server into their
respective tree where the requirement for reading other people's data
is to break out of the chroot first.
This can be done with the
Lars Hansson wrote:
Toni Mueller wrote:
To me, this currently comes down to using unique user and group ids for
individual web site instances, and then chroot each server into their
respective tree where the requirement for reading other people's data
is to break out of the chroot first.
This
Hi,
On Fri, 26.01.2007 at 19:17:41 +0800, Lars Hansson [EMAIL PROTECTED] wrote:
Toni Mueller wrote:
To me, this currently comes down to using unique user and group ids for
individual web site instances, and then chroot each server into their
respective tree where the requirement for reading
Joachim, could you share your config files for that?
On 1/23/07, Joachim Schipper [EMAIL PROTECTED] wrote:
The simple solution is to not allow the web server to write anywhere but /tmp.
Regards
Alex
--
http://preferans.de
what i would like to achieve is that on a shared host if bad guys (tm)
break into one site they can't get to other sites.
is this possible? i've been looking at su-exec but it is for cgi
scripts only :/, what other options there are?
AFAIK chroot is not the correct answer to my question as it
On 1/23/07, Almir Karic [EMAIL PROTECTED] wrote:
what i would like to achieve is that on a shared host if bad guys (tm)
break into one site they can't get to other sites.
break in has more than one meaning, and you might have different
answers for different scenarios.
is this possible? i've
I had an idea but not sure if its possible, section off and chroot
each site into a folder of its own, not sure if thats possible to
chroot each site to a diff dir or not, i think apache only allows you
to chroot the process
Maybe use permissions, diff user on each site, chmod to disallow
Maybe use permissions, diff user on each site, chmod to disallow
writing from other users?
that would solve the problem, but i have no idea how to achive it, and
google doesn't seem to like me :/. any hints?
--
almir
Almir Karic wrote:
what i would like to achieve is that on a shared host if bad guys (tm)
break into one site they can't get to other sites.
is this possible? i've been looking at su-exec but it is for cgi
scripts only :/, what other options there are?
AFAIK chroot is not the correct answer to
On Tue, Jan 23, 2007 at 05:44:38PM +0100, Almir Karic wrote:
what i would like to achieve is that on a shared host if bad guys (tm)
break into one site they can't get to other sites.
is this possible? i've been looking at su-exec but it is for cgi
scripts only :/, what other options there
Almir Karic wrote:
what i would like to achieve is that on a shared host if bad guys (tm)
break into one site they can't get to other sites.
if get to=look at, this is probably pointless. Unless it is a
authentication-protected site, the information is usually spread
around by various browser
On Tue, Jan 23, 2007 at 05:44:38PM +0100, Almir Karic wrote:
is this possible? i've been looking at su-exec but it is for
cgi scripts only :/, what other options there are?
If you can run the app(s) with FastCGI (most PHP stuff I have
tried does), another option is to use suexec wrapper for
13 matches
Mail list logo