[webapps] PHP files owner
Pawel Golaszewski
blues at pld-linux.org
Tue Jun 12 19:01:38 CEST 2007
On Sun, 3 Jun 2007, Tomasz Pala wrote:
> I was considering a bug in any of shipped webapps. Even though the
> server can be safe_mode enabled
...which will be dropped in future php releases :)
safe_mode is considered to be obsolete in PHP.
> there is possibility to read information that should remain
> confidential, like valuable for spammers users list from passwd. I leave
> other restrictions out deliberately, as ACLs, open_basedir etc. are not
> part of our default policy.
I see that you have started implementing open_basedir and I think that we
should follow this way. Any restrictions, even very wide by default, would
be nice.
> Currently system-wide package creates bigger threat than any user
> script, no matter how the environment IS secured (safe_mode, suexec PHP
> as CGI etc.). Shouldn't we change default root:root owner to some
> webapps:webapps?
What will it give us? I don't get the point at this moment...
--
pozdr. Pawel Golaszewski jid:blues<at>jabber<dot>gda<dot>pl
--------------------------------------------------------------------------
If you think of MS-DOS as mono, and Windows as stereo, then Linux is Dolby
Pro-Logic Surround Sound with Bass Boost and all the music is free.