httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [users@httpd] How do I keep Virtural hosts from seeing the others document root?
Date Sun, 06 Mar 2011 23:49:00 GMT
On Sun, 6 Mar 2011 22:43:36 +0000 (UTC)
aaronrus@comcast.net wrote:

> I could jail the www-data account but this would not prevent one virtual host from seeing
another using a phpshell since they would be in the same jail. 

Yep.  Virtualhosts aren't designed for that level of security.

You forgot to tell us what platform you're on.  You have one
suggestion based on FastCGI, and one I've never heard of based
on selinux.  Two simpler alternatives are CGI with suexec
(which is cross-platform) or mod_privileges (for Solaris).

-- 
Nick Kew

Available for work, contract or permanent.
http://www.webthing.com/~nick/cv.html

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message