Apache - suExec - FastCGI - PHP = seciruty issue

Posted by Jari V. on Server Fault See other posts from Server Fault or by Jari V.
Published on 2012-08-27T22:14:28Z Indexed on 2012/08/29 15:40 UTC
Read the original article Hit count: 272

Filed under:
|
|

I installed Apache with FastCGI (mod_fastcgi), suExec and PHP on my local development box. Working perfectly, expecting one thing.

Let's say I have two users:

user1 - /home/user1/public_html
user2 - /home/user2/public_html

I discovered a serious security hole in my configuration: I can include a file from user2 web root in user1 file. How to prevent? Any tips?

php-cgi process is running under correct user.

© Server Fault or respective owner

Related posts about apache2

Related posts about fastcgi