MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: chrisf on 2013-12-30, 13:55:49
-
I am wondering if KloxoMR uses suEXEC for cgi scripts? Also wondering if CGI scripts can be run in any directory under /home/client/ or must it be /home/client/cgi?
-
SuExec is specific to Apache. It's 'old-fashioned' for security (access docroot based on 'user').
No need for fastcgi (declared as 'php-fpm' in Kloxo-MR, suphp and mod_php_ruid2/itk).
-
My concern is a client uploading a perl or bash script that can overcome the basedir restrictions you just added to php-fpm. How to protect from other scripting languages?
-
My concern is a client uploading a perl or bash script that can overcome the basedir restrictions you just added to php-fpm. How to protect from other scripting languages?
The latest version of 6.5.0/6.5.1 already fixes this issue (basedir issue).
-
Yes, I see it in the php-fpm template. This is only for PHP, it doesn't protect other scripting languages. An example would be perl.
-
Suexec still exists in the Apache config. You can see something like '<IfModule suexec.c> SuexecUserGroup admin admin </IfModule>' inside the Apache domain config.
-
But doesn't there need to be a template, or for it to be updated within each virtual host, or domain?
I am new to suEXEC and am confused slightly. But from my reading it is a must in shared hosting to stop malicious scripts.
Please advise.
-
Suexec is already on in Apache. You can see a 'notice' in /var/log/httpd/error.log about suexec.
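-
Added example, not part of the thread and not Kloxo-MR code: a shell check that lists, for each `<VirtualHost>` block, the `SuexecUserGroup` it sets (or `MISSING`), and counts the suEXEC startup notice in an error log. The function names, the sample config and the sample log line are constructed for illustration; feed the functions your own domain config and error log.

```shell
#!/bin/sh
# Added example (not Kloxo-MR code): audit suEXEC coverage per virtual host.
# audit_suexec reads Apache config on stdin and prints, per <VirtualHost>,
# "<ServerName> <user>:<group>" or "<ServerName> MISSING".
audit_suexec() {
    awk '
        $1 ~ /^#/ { next }                      # skip comment lines
        tolower($1) ~ /^<virtualhost/ {
            invh = 1; name = "(no-ServerName)"; ug = "MISSING"; next
        }
        invh {
            # Scan every token so a one-line <IfModule> form is also caught.
            for (i = 1; i <= NF; i++) {
                t = tolower($i)
                if (t == "servername")      name = $(i + 1)
                if (t == "suexecusergroup") ug = $(i + 1) ":" $(i + 2)
            }
        }
        tolower($1) ~ /^<\/virtualhost>/ { if (invh) print name, ug; invh = 0 }
    '
}

# Counts "suEXEC mechanism enabled" notices in an error log read from stdin.
suexec_notice_count() {
    awk 'tolower($0) ~ /suexec mechanism enabled/ { n++ } END { print n + 0 }'
}

# Constructed sample config: one vhost with the directive, one without.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName a.example
    <IfModule suexec.c>
        SuexecUserGroup admin admin
    </IfModule>
</VirtualHost>
<VirtualHost *:80>
    ServerName b.example
    # SuexecUserGroup client client
</VirtualHost>
EOF
}

# Constructed sample log line in the shape Apache writes at startup.
sample_log() { printf '%s\n' '[Mon Dec 30 13:00:00 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)'; }

sample_conf | audit_suexec
sample_log | suexec_notice_count
```

A vhost reported as `MISSING` runs CGI scripts as the web server user rather than as the site owner, which is the per-domain gap the question above is about.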