#ubuntu-server IRC channel
Jim Tarvid
tarvid at ls.net
Mon Mar 26 16:15:40 UTC 2007
You make a good case. ISPConfig is planning on building on lighttpd.
Maybe the VHCS Omega people will as well.
Maybe arbitrary code execution in your own space is enough.
Jim Tarvid
On 3/26/07, Soren Hansen <sh at linux2go.dk> wrote:
> On Mon, Mar 26, 2007 at 11:26:06AM -0400, Jim Tarvid wrote:
> >> I can recommend lighttpd with a per user fastCGI php process
> > The problem is not privilege escalation but the ability to run
> > arbitrary code.
> [..]
> > I am looking for a means to jail virtual users in their user apace.
>
> Confining users to their own space (as dictated by the host system) is
> exactly the problem lighttpd with per-user FastCGI PHP processes solves.
>
> When the user has been jailed in like that, the implications of
> executing arbitrary code is also brought down to a minimum which is
> important as I have yet to see a solution that provides the proper
> balance between limiting which function calls are available to PHP while
> still allowing most interesting software to run without having to make
> all sorts of exceptions.
>
> --
> | Soren Hansen | Linux2Go | http://Linux2Go.dk/ |
> | Seniorkonsulent | Lindholmsvej 42, 2. TH | +45 46 90 26 42 |
> | sh at linux2go.dk | 9400 Norresundby, Denmark | GPG key: E8BDA4E3 |
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (GNU/Linux)
>
> iD8DBQFGB++SonjfXui9pOMRAqQsAJ9HUStUs/8rwQWXQk0svHD4Aa9EVQCeMPqE
> YlKFxHASPXMxOtBZ2bzBxRg=
> =Tb9r
> -----END PGP SIGNATURE-----
>
>
More information about the ubuntu-server
mailing list