Quote:
Originally Posted by Haugland
There's obviously benefits to running as phpsuexec, but it also lowers security in different areas.
Precisely! (Thank you Haugland.)
I agree completely. Some people on this forum portray phpsuexec as the best thing since sliced bread and/or without any faults.
Writing "correct" code is certainly desirable, but unfortunately we're still a long way off from dependable ways to get reasonable guarantees of code quality.
Without phpsuexec, there was a relatively simple mechanism - namely that of the OS's file permissions system - to be able to sandbox php applications [edit: sandbox it from *my* files, rather than other people's www files]. For example, by simply making sure my mail folders are owned by me:mail and have 660 perms, I have a fairly reasonable guarantee that any process running as nobody (i.e. php apps in a pre-phpsuexec era) won't be able to read or write to them.
With phpsuexec, this is no longer the case. Now, if surpass gives us two accounts per package - one for mail and one for www - that will give something near the best of both worlds (i.e. your php apps are isolated from other users' files, and furthermore they're isolated from your non-www files).
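The permission argument in the post above can be checked mechanically. The following is an added example, not part of the original post: it applies the standard owner/group/other permission-bit rule to a constructed home directory and lists what a PHP process gains read access to once it runs as the account owner instead of a shared web user. The function names, the sample layout and the stand-in ids for "nobody" are assumptions made for the illustration.

```python
import os
import tempfile

def can_access(mode, f_uid, f_gid, p_uid, p_gids, want):
    """POSIX permission-bit check; want is 'r', 'w' or 'rw'.
    The first matching class (owner, group, other) decides.
    Root and ACLs are not modelled."""
    shift = 6 if p_uid == f_uid else 3 if f_gid in p_gids else 0
    need = (4 if "r" in want else 0) | (2 if "w" in want else 0)
    return (((mode >> shift) & 0o7) & need) == need

def newly_exposed(root, owner, web):
    """Entries under root that the shared web user could not read but a PHP
    process running as the account owner (phpsuexec) can. owner and web are
    (uid, set_of_gids). Only each entry's own bits are checked, not the
    search permission on its parent directories."""
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            before = can_access(st.st_mode, st.st_uid, st.st_gid, *web, "r")
            after = can_access(st.st_mode, st.st_uid, st.st_gid, *owner, "r")
            if after and not before:
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed)

def demo():
    """Constructed sample home: private mail at 660, public web file at 644."""
    with tempfile.TemporaryDirectory() as home:
        layout = [("mail", 0o770, True), ("mail/inbox", 0o660, False),
                  ("public_html", 0o755, True),
                  ("public_html/index.php", 0o644, False)]
        for rel, mode, is_dir in layout:
            path = os.path.join(home, rel)
            if is_dir:
                os.mkdir(path)
            else:
                open(path, "w").close()
            os.chmod(path, mode)
        st = os.lstat(home)
        owner = (st.st_uid, {st.st_gid})
        web = (st.st_uid + 1, {st.st_gid + 1})  # stand-in for "nobody" (assumed ids)
        return newly_exposed(home, owner, web)

if __name__ == "__main__":
    print(demo())
```

Pointing `newly_exposed` at a real home directory with the account's own uid and the web server's uid gives the list of paths that file permissions alone no longer protect from that account's PHP code.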