[thelist] PHP Perl Apache security

Steve Lewis nepolon at worlddomination.net
Mon Jul 21 14:05:07 CDT 2003


Keith wrote:

> We're wondering how others handle the inherent insecurity of running 
> both PHP and Perl in a virtualhosting environment on Linux servers. 
> We've run the two 

Here is an observation:

You don't need world-write permissions, you need the Apache user to have 
write permissions.  Change owner or group on the PHP domains, turn on 
the correct write bit.  Sandbox your PHP domains and your Perl domains 
separately with open_basedir and SuExec respectively.

Perl cannot now write to files in PHP domains because they are no longer 
running as the Apache user.  Simiarly, PHP domains cannot get out of 
their domain sandbox to write to Perl domains.

Anyone see any problems with this?

Steve



More information about the thelist mailing list