[php-maint] Bug#674091: Bug#674091: php5: support configuration sets
Christoph Anton Mitterer
calestyo at scientia.net
Wed May 23 19:04:10 UTC 2012
Hey.
On Wed, 2012-05-23 at 20:05 +0800, Thomas Goirand wrote:
> This isn't the only way. I run PHP using sbox-dtc (a CGI wrapper), and a
> chroot template mounted using AUFS.
Has of course the "problem" of setting up and maintaining the chroot...
but a nice idea nevertheles.
> This is very efficient, and you
> don't need to run each PHP program under a different user (since all
> scripts are executed in a chroot).
Phew... well I wouldn't trust chroot's to be break-out secure... and
there are things where the chroot alone doesn't help you, e.g. when you
want to do access control on a DB, and only a specific user should be
allowed to access a specific DB.
> Please don't assume that *your* config is the one that everyone uses (or
> the only one which is safe).
Of course... I'm always open for ideas how to tighten things up even
more.
But I still like my PHP programs to run each under their own users.
I also wouldn't run postfix and e.g. ssh as the same user just because I
jailed them by other means.
Best wishes,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5677 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20120523/e30f085b/attachment.bin>
More information about the pkg-php-maint
mailing list