Open main menu

OpenVZ Virtuozzo Containers Wiki β

Changes

Shared webhosting

472 bytes added, 15:36, 2 August 2006
The problem
'''Note: this is my first try to create an Wiki article. Please modify :-)'''
One of the problems with shared webhosting (i.e. different people with each his/her own webpages) is that modern script languages such as PHP, Python or Perl are to powerfull. They can read almost every file on the system. For example take the following PHP script:
<pre>
</pre>
With PHP you could use open_basedir to prevent this, but there are more ways. And Another example is [http://mgeisler.net/php-shell/ PHP Shell], a script that is [http://mgeisler.net/downloads/phpshell/SECURITY often mis-used] by people with not-so-good intentions. Or think about the [http://www.f-secure.com/v-descs/santy_a.shtml Santy-worm] which mis-used phpBB. Again there is a solution in the form of safe_mode, but lots of PHP scripts break if you enable this. For Python, Perl or CGI-scripts there is are no easy wayways and you have to use wrappers or other tricks to chroot these. Plus that Most users don't care if it is want to hear about security (unless you show them how easy it is)and just want there scripts to work. Some do care, so there but his/her own server is a big dillemamuch to expensive. And finally we didn't even talk about hidden bugs in almost every security measure we takementioned. A knowledgeable person can almost certain find backdoors because of the vast amount of possibilities these scripting languages offer.
== The solution ==
32
edits