* H D Moore wrote on Thu, Jul 05, 2001 at 14:31 -0500: > On Thursday 05 July 2001 05:11 am, Raptor wrote: > > What do you exactly intend with "minor impact"? > I wonder if VirtualHost based user/group directives would keep > this from happening, No, this will not have any effects on the server childs, but on the executed CGI sub-processes. Since its not possible (well, not without giving up any performance) to setuid at each request (necessary, since all childs are able to handle any request). Since PHP runs in the same process, it runs with the same permissions like all the other childs. > does anyone on the list know of a way to protect against this? drop mod_php, use php via CGI with a slightly modified suexec or add those "shebang" line to your PHP scripts. But this is a performance issue, since having security is slower here :) oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 12:20:24 PDT