[php-maint] Bug#674091: Bug#674091: php5: support configuration sets

Thomas Goirand thomas at goirand.fr
Wed May 23 12:05:34 UTC 2012


On 05/23/2012 09:26 AM, Christoph Anton Mitterer wrote:
> One should also choose to execute each PHP program under a different
> user, which is why the apache php module and FastCGI are really
> horrible from a security point of view.

Hi,

This isn't the only way. I run PHP using sbox-dtc (a CGI wrapper), and a
chroot template mounted using AUFS. This is very efficient, and you
don't need to run each PHP program under a different user (since all
scripts are executed in a chroot). This also has protected some of my
users from silly WordPress PHP script upload security issues (as an
example), because sbox checks if the PHP scripts are executable.

Please don't assume that *your* config is the one that everyone uses (or
the only one which is safe).

Cheers,

Thomas

P.S: I agree with Ondrej that there's no point in this:
On 05/23/2012 06:21 PM, Ondřej Surý wrote:
> P.S.: Ignoring the 'oh-PHP-is-so-insecure' rant...




