Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:65414 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 8289 invoked from network); 29 Jan 2013 16:07:46 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 29 Jan 2013 16:07:46 -0000 Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.173 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 209.85.217.173 mail-lb0-f173.google.com Received: from [209.85.217.173] ([209.85.217.173:36847] helo=mail-lb0-f173.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id FA/94-10721-6B3F7015 for ; Tue, 29 Jan 2013 11:07:18 -0500 Received: by mail-lb0-f173.google.com with SMTP id gf7so949453lbb.32 for ; Tue, 29 Jan 2013 08:07:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:content-transfer-encoding; bh=8RKZLL7oaXnOP76OkuVg6v7BJx9dRq8JjHtX4RMAWws=; b=sL/xySMVRqeaQ4O/j0byOicZcrmbLahjiA57GD0faSXbILbzl3+SUDRYsK4tqblFu1 fO0tMZzxrZq+eJe6AzXrzJWlS3S0PSBWatMYmZE2v9XBY8qiNsUa6ISlRFqHlRiPGiz5 GcvoG/B+IMpXKli9fu2d0fG+Ki7WHx+NejBSV5lX1MAl+Ab7L5ncatrvIbfflcSQKxKv BISIsEtchU1R+UcdVEcaRLNrV0iIoGdF9SgOo0o1eAilmMUD3lJniH6LKvkDubNnVAmD efcgSZwcEEB5eGlBWb10bI6yu46tNf2/ED5tQznox3PwFCN42uwyxQrm54X6emg4exQf OI4Q== MIME-Version: 1.0 X-Received: by 10.152.105.103 with SMTP id gl7mr1600176lab.41.1359475635286; Tue, 29 Jan 2013 08:07:15 -0800 (PST) Received: by 10.112.2.69 with HTTP; Tue, 29 Jan 2013 08:07:15 -0800 (PST) In-Reply-To: <5107EE1A.2050100@gmail.com> References: <1359459921.3916.105.camel@guybrush> <5107CFBD.80606@lerdorf.com> <5107EE1A.2050100@gmail.com> Date: Tue, 29 Jan 2013 17:07:15 +0100 Message-ID: To: =?ISO-8859-1?Q?=C1ngel_Gonz=E1lez?= Cc: Zeev Suraski , PHP internals , Rasmus Lerdorf Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] ZTS - why are you using it? From: pierre.php@gmail.com (Pierre Joye) On Tue, Jan 29, 2013 at 4:43 PM, =C1ngel Gonz=E1lez wro= te: > On 29/01/13 15:21, Pierre Joye wrote: >> On Tue, Jan 29, 2013 at 3:16 PM, Zeev Suraski wrote: >>> On Windows with impersonation you're actually in a better situation tha= n >>> you are in Linux. You could hold a small pool of processes and handle = as >>> many different users as you'd like. >> Works fine with ZTS too btw, IIS takes care about managing the >> respective application pools. >> >> But yes, impersonation is a huge on Windows/IIS, get ride of >> openbasedir and all that in one go (and again, not NTS specific). > > Wouldn't that be equivalent security-wise to running the server on linux > as root for > calling setuid() to each user? No, not the same, while the results look the same. Cheers, -- Pierre @pierrejoye