Apache - suExec - FastCGI - PHP = seciruty issue
Posted
by
Jari V.
on Server Fault
See other posts from Server Fault
or by Jari V.
Published on 2012-08-27T22:14:28Z
Indexed on
2012/08/29
15:40 UTC
Read the original article
Hit count: 272
I installed Apache with FastCGI (mod_fastcgi), suExec and PHP on my local development box. Working perfectly, expecting one thing.
Let's say I have two users:
user1 - /home/user1/public_html
user2 - /home/user2/public_html
I discovered a serious security hole in my configuration: I can include a file from user2 web root in user1 file. How to prevent? Any tips?
php-cgi
process is running under correct user.
© Server Fault or respective owner