thoroughfare
Verified User
- Joined
- Aug 11, 2003
- Messages
- 575
For those despairing at the intrinsic lack of security in the current PHP/virtualhost/Apache setup, please see this:
http://www.telana.com/peruser.php
It's an MPM processsor for Apache, that spawns an Apache process for each virtualhost, as the user that you specify. It also supports chrooting and mod_ssl! It doesn't use threads (unlike the perchild MPM) so it safe to use for PHP.
The caveat is that it's a very young project with only one developer. It seems that it works quite well on most Linux systems, but it's causing Apache to segfault on my FreeBSD box.
I'm gonna post an installation how-to in a minute. Please bear in mind that THIS SOFTWARE IS EXPERIMENTAL, but please please do try it on your test boxes and send in patches, suggestions, etc.
This is a revolutionary MPM that solves a lot of security headaches... no need for safe_mode anymore
Matt
http://www.telana.com/peruser.php
It's an MPM processsor for Apache, that spawns an Apache process for each virtualhost, as the user that you specify. It also supports chrooting and mod_ssl! It doesn't use threads (unlike the perchild MPM) so it safe to use for PHP.
The caveat is that it's a very young project with only one developer. It seems that it works quite well on most Linux systems, but it's causing Apache to segfault on my FreeBSD box.
I'm gonna post an installation how-to in a minute. Please bear in mind that THIS SOFTWARE IS EXPERIMENTAL, but please please do try it on your test boxes and send in patches, suggestions, etc.
This is a revolutionary MPM that solves a lot of security headaches... no need for safe_mode anymore
Matt