Now I'm confused, you say suphp is better than ruid2, even though suphp uses more resources?
ditto/emmanuel are talking about security, not resources.
There seems to be the risk that the whole uid swapping story ruid uses, also creates the extra risk of swapping it to root (in the event of httpd is exploitable) again see this topic
http://www.directadmin.com/forum/showthread.php?t=37467#7
I've got a grsecurity patched kernel which *should* protect me against it, together with the benefits, and small risks I feel safe using mod_ruid2.
--
I've also searched about it on the web and found the following:
old thread about mod_ruid(1)
posix_setuid(0);
# Crash the system through L1nux's "killing processes makes them
die" vulnerability!
posix_kill(1, SIGKILL);
I've tested this:
PHP:
<?php
echo posix_getuid()."<br>\n";
echo posix_geteuid()."<br>\n";
posix_setuid(104); // or any other uid
echo posix_getuid()."<br>\n";
echo posix_geteuid()."<br>\n";
?>
All keep the same uid, so this doesn't work.
They talk about it (again the old version) on the dutch
webhostingtalk having more tests.
I've tested it, putting the compiled test.cc in /cgi-bin/ trying to set the uid to 0 ( setuid(0); ), and it fails: the same uid remains.
Another test in the same
thread using scripts on
http://www3.servertje.net/ruid/
Also put it to the test. You create a .so module to load it in php. This one actually
does set the uid to root, if you have the compiled .so (could be compiled remote, uploaded),
but you would also need the php function dl(); and enable_dl = 1;
But of course you have this disabled in php.ini. I've also added --disable-posix in the php build paramters just to be sure on the posix functions.
If anyone else has more info, please share. What I also wonder is if it would be possible to prevent posix uid swappings to root just to tackle it all together.