Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:20365 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 27816 invoked by uid 1010); 25 Nov 2005 11:11:44 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 27801 invoked from network); 25 Nov 2005 11:11:44 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Nov 2005 11:11:44 -0000 X-Host-Fingerprint: 80.74.128.22 cassius.sui-inter.net Linux 2.4/2.6 Received: from ([80.74.128.22:53782] helo=cassius.sui-inter.net) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP id CC/07-56276-F61F6834 for ; Fri, 25 Nov 2005 06:11:43 -0500 Received: (qmail 11715 invoked from network); 25 Nov 2005 11:10:45 +0100 Received: from 84-73-10-224.dclient.hispeed.ch (HELO ?192.168.32.50?) (84.73.10.224) by cassius.sui-inter.net with (RC4-SHA encrypted) SMTP; 25 Nov 2005 11:10:45 +0100 In-Reply-To: <00A2E2156BEE8446A81C8881AE117F192C1CF6@companyweb> References: <00A2E2156BEE8446A81C8881AE117F192C1CF6@companyweb> Mime-Version: 1.0 (Apple Message framework v746.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-ID: Cc: internals Content-Transfer-Encoding: 7bit Date: Fri, 25 Nov 2005 11:10:40 +0100 To: Matthias Pigulla X-Mailer: Apple Mail (2.746.2) Subject: Re: AW: [PHP-DEV] Re: PDM Meeting Notes From: lists@ahlenstorf.ch (Andreas Ahlenstorf) Am 25.11.2005 um 10:51 schrieb Matthias Pigulla: > Because of bugs in the safe_mode implementation (forgetting some > checks?) or conceptual problems? Safe mode doesn't work 'cos there are lots of third party libraries which PHP relies on and don't take care of the safe mode. That's why you can't assure security in you application and why it's up to your operating system to care about security. >> I have always maintained that shared hosts should be running >> per-security context Apache instances as different users. > > The problem with that is that it makes name-based virtual hosts pretty > pointless because each apache instance will at least need an ip > address > on its own. It seems you've never heard of suexec, FastCGI, MPM Perchild (ok, this one is broken) and Zeus (has nothing to do with Apache, but is a good product). It's possible to have name based virtual hosts in Apache2 and PHP processes running in the context of every user with a patched suexec, mod_fastcgi and one single IP. Regards, A.