You can avoid a lot of the problems by making sure that apache can't write anywhere that is mounted with execute capability.
Or install a security module to do that for you. One that I've written that is nearing the end of its beta:
https://github.com/cormander/tpe-lkm
In some cases, you can even tell it to let apache not exec anything at all, if you're not running CGI scripts or bytecode PHP deployments (Zend, etc.).
-- Corey
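
Added example, not part of the original message and not code from tpe-lkm: a Python audit of the first suggestion above, listing directories the web server can write to that sit on filesystems mounted without `noexec`. The mount table and directory list are constructed samples, and the function names are hypothetical.

```python
import os
import re

# Constructed sample in /proc/mounts format (not from a real host).
SAMPLE_MOUNTS = r"""/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda2 /var ext4 rw,relatime 0 0
/dev/sda3 /var/www/uploads ext4 rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda4 /srv/my\040site ext4 rw,noexec 0 0
"""
# Hypothetical directories the apache user can write to.
SAMPLE_WRITABLE = ["/tmp", "/var/www/uploads/img", "/var/cache/httpd",
                   "/dev/shm", "/srv/my site/data"]

def parse_mounts(text):
    """Return [(mount_point, {options})] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # The kernel escapes space, tab, newline and backslash as \ooo octal.
            point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
            mounts.append((point, set(fields[3].split(","))))
    return mounts

def mount_for(path, mounts):
    """Longest mount point containing path; later entries shadow earlier ones."""
    path = os.path.normpath(path)
    best = None
    for point, opts in mounts:
        inside = point == "/" or path == point or path.startswith(point.rstrip("/") + "/")
        if inside and (best is None or len(point) >= len(best[0])):
            best = (point, opts)
    return best

def exec_capable(writable_dirs, mounts):
    """Writable directories whose filesystem is mounted rw and without noexec."""
    findings = []
    for d in writable_dirs:
        hit = mount_for(d, mounts)
        if hit and "noexec" not in hit[1] and "ro" not in hit[1]:
            findings.append((d, hit[0]))
    return findings

if __name__ == "__main__":
    # On a live host, pass open("/proc/mounts").read() instead of the sample.
    for d, point in exec_capable(SAMPLE_WRITABLE, parse_mounts(SAMPLE_MOUNTS)):
        print(f"{d}: on {point}, mounted without noexec")
```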