Date: Tue, 26 Jul 2005 07:11:45 +0200 From: "mdff" <nospam@mgedv.net> To: <freebsd-isp@freebsd.org> Subject: RE: preventing a user to start a process Message-ID: <20050726051141.724D5186800@mgedv.at> In-Reply-To: <42E54654.1090705@chef-ingenieur.de>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Hello, > is it possible to bar a user (www) from starting a process? > I've a irc daemon running under the uid www. I think > this was done by php. What would be the best way to prevent > this (php should be remain usable)? I've installed ipfw rules, > but this doesn't prevent the starting of the process. > jail the whole stuff and put only commands in there, that are required. also, remove write permissions almost everywhere, except where they are absolutely needed. mount a mfs for example with noexec to allow the webserver saving temp-files w/o executing stuff from there. and use php-safe-mode as mentioned before ;-) br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050726051141.724D5186800>