Dr. Gianluigi Zanettini wrote:
> Hi all,
> I'm sure this stuff is pretty old for you, but since the mailing list 
> archive ain't searchable, I'm not able to find a thread about it. So, any 
> "RTFM here http://..." is actually appreciated too!!
>
>
> I'm trying to secure a shared webhost, so I basically need:
>
> 1) Each website must be able to read/include only in its own directory
>
> 2) Nobody has to be able to load a <?php exec('evilscript.php.sh'); ?>
>
>
> I managed to have suPHP up and running, but:
>
> 1) A script <?php echo readfile('/etc/passwd'); ?> works, since 'passwd' 
> has to be world-readable
>
> 2) exec() functions aren't disabled
>
>
> For the moment, I fell back to PHP + open_basedir + disabled_function... 
> but I'd truly like to have the ability to run PHP as different 
> users provided by suPHP!
>
> Thanks for your replies,
>
> --
> Dr. Gianluigi Zanettini - http://www.megalab.it
>   
Hello Gianluigi.

You need to use the "chroot" suphp function. It's a quite tricky setup, 
but it works (I have it running on 13 production servers)

--
Giuseppe Iannello
System administrator

_______________________________________________
suPHP mailing list
https://lists.marsching.com/mailman/listinfo/suphp
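
An added example, not part of the thread and not suPHP code: a small auditor for the fallback configuration mentioned in the question, checking one site's php.ini for the `open_basedir` and `disable_functions` directives. The site root `/var/www/site1`, the sample configs and the helper names (`parse_ini`, `inside`, `audit`) are assumptions made for illustration; paths are assumed to be Unix-style with `:` as the separator.

```python
import posixpath

# PHP functions that start external programs (the exec() concern in the post).
EXEC_FUNCS = ["exec", "shell_exec", "system", "passthru", "popen", "proc_open", "pcntl_exec"]

def parse_ini(text):
    """Minimal php.ini reader: last assignment wins, ';' starts a comment."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def inside(path, root):
    """True if path is root itself or below it, after normalising '..'."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit(text, site_root):
    """Return findings for one site's php.ini text (empty list = passes)."""
    s, findings = parse_ini(text), []
    dirs = [d for d in s.get("open_basedir", "").split(":") if d]
    if not dirs:
        findings.append("open_basedir is not set")
    for d in dirs:
        if not inside(d, site_root):
            findings.append(f"open_basedir allows {d} outside {site_root}")
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    missing = [f for f in EXEC_FUNCS if f not in disabled]
    if missing:
        findings.append("not disabled: " + ", ".join(missing))
    return findings

# Constructed sample configs for a hypothetical site rooted at /var/www/site1.
WEAK = """
[PHP]
open_basedir = /var/www/site1:/etc   ; second entry exposes /etc/passwd
disable_functions = exec, system
"""
STRICT = """
open_basedir = "/var/www/site1/"
disable_functions = exec,shell_exec,system,passthru,popen,proc_open,pcntl_exec
"""

if __name__ == "__main__":
    print(audit(WEAK, "/var/www/site1"), audit(STRICT, "/var/www/site1"))
```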
