Join Up! 104886 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI PHP Iterator Developing a Ajax-driven Shopping Cart with PHP and Prototype Ajax and PHP: The Simple Way BitMasks - Emulate Unix Permissions in PHP Fundamentals of PHP Superglobals

php3-list | 199807

From: Sparks, Alan (asparks <email protected>)
Date: 07/27/98

• Next message: Sander Steffann: "Re: [PHP3] Security concern w/ PHP3/FrontPage combo"
• Previous message: Adam Trachtenberg: "Re: [PHP3] Quick formatting question"
• Maybe in reply to: Sparks, Alan: "[PHP3] Security concern w/ PHP3/FrontPage combo"
• Next in thread: Sander Steffann: "Re: [PHP3] Security concern w/ PHP3/FrontPage combo"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Running the server itself in a chroot() environment will help only isolate the
server processes from the filesystem outside of the document tree. This is an
issue of access within the document tree.
Unless you can figure out how the web server running PHP in module form can keep
chroot()ing itself, which won't work (can't gain back what you gave away), plus
is a config nightmare anyway.

-Alan

-----Original Message-----
From: Palle Girgensohn [mailto:girgen <email protected>]
Sent: Monday, July 27, 1998 1:54 PM
To: Sparks, Alan
Cc: 'Sander Steffann'; php3 <email protected>
Subject: Re: [PHP3] Security concern w/ PHP3/FrontPage combo

One could probably enhance security by running the web server in a
chrooted system. For example, Wietse Venema's chrootuid could be used.
Check out ftp://ftp.win.tue.nl/pub/security/index.html#software ->
Chrootuid.

I haven't tried this myself, though. Yet... :)

/Palle

--
PHP 3 Mailing List   http://www.php.net/
To unsubscribe send an empty message to php3-unsubscribe <email protected>
To subscribe to the digest list:  php3-digest-subscribe <email protected>
For help: php3-help <email protected>  Archive:  http://www.php.net/mailsearch.php3
--
PHP 3 Mailing List   http://www.php.net/
To unsubscribe send an empty message to php3-unsubscribe <email protected>
To subscribe to the digest list:  php3-digest-subscribe <email protected>
For help: php3-help <email protected>  Archive:  http://www.php.net/mailsearch.php3

• Next message: Sander Steffann: "Re: [PHP3] Security concern w/ PHP3/FrontPage combo"
• Previous message: Adam Trachtenberg: "Re: [PHP3] Quick formatting question"
• Maybe in reply to: Sparks, Alan: "[PHP3] Security concern w/ PHP3/FrontPage combo"
• Next in thread: Sander Steffann: "Re: [PHP3] Security concern w/ PHP3/FrontPage combo"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs