suEXEC

[chrisf]

I am wondering if KloxoMR uses suEXEC for cgi scripts?  Also wondering if CGI scripts can be run in any directory under /home/client/ or must it be /home/client/cgi?

[MRatWork]

SuExec is specific for apache. It's 'old-fashion' for security (access docroot based on 'user').

No need for fastcgi (declare as 'php-fpm' in Kloxo-MR, suphp and mod_php_ruid2/itk).

[chrisf]

My concern is a client uploading a perl or bash script that can overcome the basedir restrictions you just added to php-fpm.  How to protect from other scripting languages?

[MRatWork]

My concern is a client uploading a perl or bash script that can overcome the basedir restrictions you just added to php-fpm.  How to protect from other scripting languages?

Latest version of 6.5.0/6.5.1 already fix this issue (basedir issue).

[chrisf]

Yes, I see in php-fpm template.  This is only for PHP, it doesn't protect other scripting languages.  Example would be perl.

[MRatWork]

Suexec still exist in apache config. You can see something like '<IfModule suexec.c> SuexecUserGroup admin admin </IfModule>' inside apache domain config.

[chrisf]

But doesn't there need to be a template, or it updated within each virtual host, or domain?

I am new to suEXEC and am confused slightly.  But from my reading it is a must in shared hosting to stop malicious scripts.

Please advise.

[MRatWork]

Suexec already on in apache. You can see 'notice' in /var/log/httpd/error.log about suexec.