| 1 |
I haven't seen the problem on this list (but I haven't |
| 2 |
been on this list for very long) but it is a well |
| 3 |
known problem. You can use php in |
| 4 |
safe-mode(http://www.php.net/manual/en/features.safe-mode.php) |
| 5 |
which does if the file a script tries to manipulate |
| 6 |
has the same owner as the php script. In safe-mode you |
| 7 |
can also limit access to certain directories and |
| 8 |
disable certain functions and classes. |
| 9 |
If you want top security you should set up multiple |
| 10 |
chrooted apaches(one for each vitualhost) but (i |
| 11 |
think) this is only possible with IP-based |
| 12 |
vitualhosts. |
| 13 |
|
| 14 |
Leon Schoorl |
| 15 |
|
| 16 |
--- Angel Freire <qwerty@××××××××××××××××××.ar> wrote: |
| 17 |
> Hi, |
| 18 |
> |
| 19 |
> I guess that this has been asking so I just ask for |
| 20 |
> a reference to the a |
| 21 |
> thread where mi question is answer because I can't |
| 22 |
> find it. |
| 23 |
> |
| 24 |
> In this scenario: |
| 25 |
> |
| 26 |
> One webserver that sets Apache User and Group per |
| 27 |
> VirtualHost, with many |
| 28 |
> of these, and each one in a different htdocs of |
| 29 |
> course. |
| 30 |
> |
| 31 |
> If VirtualHost A has some php files with an access |
| 32 |
> mask like 777 (common |
| 33 |
> in hostings) and VirtualHost B 'guess' the VH A full |
| 34 |
> dir it can trough |
| 35 |
> fopen or many other ways open these file. |
| 36 |
> |
| 37 |
> How can I stop users from do that? |
| 38 |
> |
| 39 |
> Thanks, |
| 40 |
> Angel |
| 41 |
> |
| 42 |
> |
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
___________________________________________________________ALL-NEW Yahoo! Messenger - sooooo many all-new ways to express yourself http://uk.messenger.yahoo.com |
Archives