Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:8630
Return-Path: <ilia@prohost.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 54689 invoked by uid 1010); 19 Mar 2004 22:09:24 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 54665 invoked from network); 19 Mar 2004 22:09:23 -0000
Received: from unknown (HELO asuka.nerv) (24.100.195.79)
  by pb1.pair.com with SMTP; 19 Mar 2004 22:09:23 -0000
Received: (qmail 21402 invoked from network); 19 Mar 2004 22:09:23 -0000
Received: from rei.nerv (HELO dummy.com) (rei@192.168.1.1)
  by asuka.nerv with SMTP; 19 Mar 2004 22:09:23 -0000
Reply-To: ilia@prohost.org
Organization: Prohost.org
To: PHP Developers Mailing List <internals@lists.php.net>
Date: Fri, 19 Mar 2004 17:09:29 -0500
User-Agent: KMail/1.6.1
References: <61700.66.158.132.127.1079718509.squirrel@www.funio.com> <200403191641.18788.ilia@prohost.org> <Pine.LNX.4.58.0403191342520.2205@thinkpad.lerdorf.com>
In-Reply-To: <Pine.LNX.4.58.0403191342520.2205@thinkpad.lerdorf.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <200403191709.29446.ilia@prohost.org>
Subject: Re: [PHP-DEV] new security related directive for php-4.3.4
From: ilia@prohost.org (Ilia Alshanetsky)

On March 19, 2004 04:46 pm, Rasmus Lerdorf wrote:
> Ilia, come back to reality man!

But it's so boring  ;-).

> Are you really suggesting that people use 
> Apache2 with the perchild MPM to solve this problem?  If so, that's pretty
> funny.  I also fail to see how fastcgi solves the thousands of users on a
> machine problem.  It's not like fastcgi can switch back and forth either,
> so you would need to run thousands of backend fastcgi php's all the time.

Thousands of users on a single machines at least half (probably more) use 
dynamic scripts, would require some superb hardware and even then I very much 
doubt it could be done effectively. It would be far more practical and 
economical to have several cheaper servers with perhaps 100-300  (or less) 
users each.

The bottom line that right now solutions do exist, Apache2 perchild MPM could 
work, so will Fastcgi. There are also things like mod_become, mod_suid and 
mod_diffprivs that can perform uid/gid changes for Apache1.

http://www.jdimedia.nl/igmar/mod_suid/
http://www.snert.com/Software/mod_become/
http://sourceforge.net/projects/moddiffprivs/

Unlike with PHP implemented 'security' controls these are much less trivial to 
bypass.

Ilia