Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:65416 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 11256 invoked from network); 29 Jan 2013 16:12:14 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 29 Jan 2013 16:12:14 -0000 Authentication-Results: pb1.pair.com header.from=zeev@zend.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=zeev@zend.com; spf=unknown; sender-id=unknown Received-SPF: unknown (pb1.pair.com: domain zend.com does not designate 209.85.214.172 as permitted sender) X-PHP-List-Original-Sender: zeev@zend.com X-Host-Fingerprint: 209.85.214.172 mail-ob0-f172.google.com Received: from [209.85.214.172] ([209.85.214.172:57520] helo=mail-ob0-f172.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 70/45-10721-DD4F7015 for ; Tue, 29 Jan 2013 11:12:13 -0500 Received: by mail-ob0-f172.google.com with SMTP id tb18so587447obb.17 for ; Tue, 29 Jan 2013 08:12:11 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:references:from:mime-version:in-reply-to:date:message-id :subject:to:cc:content-type:content-transfer-encoding :x-gm-message-state; bh=nGRD0TVsqOXgw0xF6lk7vFs+6knYTei24DugDP2ajiQ=; b=o0IaFECcv2g45H9QGaMU0pdGoIY6HT+G32tl5F+FJMsgAHcaxU0gSnkm3WdACismW1 z/fNcZY1G4/TneJw6pSXd7WNnG9dIHLYrGVF3qqcoh/JkZPVALvvX/QowEYUQARmUrl2 Gd2DWXVbocXw4XBOqyvCGQyghNoKJWIdxZ5w7achXUZA/mbypO4MfxrcKuo4pJAoYmXP 452krDMogzauWDZyZL9yp+STAk2C1lbDqKx4TPeL5Bkus/CWbZKwphCWDSSDCD9rI6z2 YwtNeupfV1MU12pQoPCIjecpyltXZR0jW55Yp4j83wxo3wI+GFNLBIY9I6EDCY1zA/HK sWsA== X-Received: by 10.60.32.200 with SMTP id l8mr1184908oei.43.1359475930998; Tue, 29 Jan 2013 08:12:10 -0800 (PST) References: <1359459921.3916.105.camel@guybrush> <5107CFBD.80606@lerdorf.com> <5107EE1A.2050100@gmail.com> Mime-Version: 1.0 (1.0) In-Reply-To: <5107EE1A.2050100@gmail.com> Date: Tue, 29 Jan 2013 18:12:12 +0200 Message-ID: <-5536583304714453242@unknownmsgid> To: =?UTF-8?B?w4FuZ2VsIEdvbnrDoWxleg==?= Cc: Pierre Joye , PHP internals , Rasmus Lerdorf Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Gm-Message-State: ALoCoQmu+L2379iX9+VQSqE9JiRQrC+md96X2j+rKisfpMEYwcDmwtsh60HnndMbbMGLfvTS9wA8ttVE+wM3DRljSYQF3U9bHhesitsS90Pq6Omi3E7PiTZglwyOtKm6xR5FYbdy/D+o Subject: Re: [PHP-DEV] ZTS - why are you using it? From: zeev@zend.com (Zeev Suraski) On 29 =D7=91=D7=99=D7=A0=D7=95 2013, at 17:45, "=C3=81ngel Gonz=C3=A1lez" <= keisial@gmail.com> wrote: > On 29/01/13 15:21, Pierre Joye wrote: >> On Tue, Jan 29, 2013 at 3:16 PM, Zeev Suraski wrote: >>> On Windows with impersonation you're actually in a better situation tha= n >>> you are in Linux. You could hold a small pool of processes and handle = as >>> many different users as you'd like. >> Works fine with ZTS too btw, IIS takes care about managing the >> respective application pools. >> >> But yes, impersonation is a huge on Windows/IIS, get ride of >> openbasedir and all that in one go (and again, not NTS specific). > > Wouldn't that be equivalent security-wise to running the server on linux > as root for > calling setuid() to each user? No, because the process is reusable and can be switched to other creds. Zeev