[CentOS] Apache User Isolation/Perchild, or PHP "chroot"?
Scott Lamb
slamb at slamb.org
Fri May 4 06:34:01 UTC 2007
On May 3, 2007, at 7:39 PM, Dan Mensom wrote:
> For the benefit of the archives, here is the quick rundown of what I did,
> following mostly the docs at http://fastcgi.coremail.cn/doc.htm:

Thanks; I'll have to look back at your steps if I ever get around to
setting up SELinux.

>> Now that is a secure option, though not light-weight of course.
>
> Hrmm.. Not necessarily. Last I checked the Xen people were still in the
> process of hardening their kernel APIs to prevent vm guest breakout. I
> don't think the process was completed for 3.0, but I could be wrong..

Well, I hope it is, because I've got a server at a Xen-based virtual
hosting company containing somewhat sensitive data.

Googling "xen guest breakout" doesn't turn up much. There are people
saying they haven't formally proven there are no vulnerabilities in the
design or implementation [1], but that's not too surprising - the same's
true for the Linux kernel. I basically have to trust Linux anyway in the
absence of specific bug reports, or I'd get nothing done.

[1] - http://article.gmane.org/gmane.comp.emulators.xen.user/23297

--
Scott Lamb <http://www.slamb.org/>