Keith Devens .com
Keith Devens .com |
Monday, September 8, 2008 | |
| Linux is only free if your time has no value – Jamie Zawinski | ||
|
| ← Why I think weblog spam isn't a long term problem | I am a leftover master! → |
Adam Langley (http://www.imperialviolet.org) wrote:
Keith (http://keithdevens.com/) wrote:
I've been vaguely aware of the huge security issue that running mod_php on a shared host is, but I've intentionally ignored it 
It's unusual for me, because usually I face things I don't want to think about. Oh well. I'm eventually going to move to mod_python and another host, and that host will probably run me in my own sandbox (virtual server, or my own instance of Apache), so that should be good enough.
That's pretty intense about the warez thing. Those people have an impressive operation.
Feel free to post a comment below. Please see my comment policy.
Formatting Rules (No HTML):
Generated in about 0.195s.
(Used 8 db queries)
Friday, November 21, 2003
Permalink
Many multi-user sites run PHP as a CGI because of security reasons. modphp, of course, runs as the same user as the webserver (www). That means that PHP scripts can walk around the webserver and read passwords out of other people's scripts and the like.
PHP/CGI and Apache SuEXEC is pretty much the only way to secure it. In fact, I've reworked SuEXEC quite a lot to run every different directory as a different user and group (like homedirs) and to set resource limits on a per-user basis.
That, and a firewall that stops PHP scripts from using the network stack keeps it at least sane. (Last time we had a user-level breakin our webserver became the central warez hub in Europe over the weekend due to our TBs of storage and 1.1Gps link).
AGL