Date: Wed, 27 Jul 2005 17:01:46 +0300
From: Todor Dragnev <todor.dragnev@gmail.com>
To: "'Thomas Krause'" <freebsd-isp@chef-ingenieur.de>
Cc: freebsd-isp@freebsd.org
Subject: Re: preventing a user to start a process
Message-ID: <200507271701.46118.todor.dragnev@gmail.com>
In-Reply-To: <20050727065843.8F30543D46@mx1.FreeBSD.org>
References: <20050727065843.8F30543D46@mx1.FreeBSD.org>

Years ago I did a lot of testing with LIDS and grsecurity on Linux. With these
tools it is possible to set rules for which system commands or which files (by
inode) can be accessed by a user or process (PID or name). I have no experience
with FreeBSD, but maybe it is possible to solve the problem in the same way.

On Wednesday 27 July 2005 09:58, David Hogan wrote:
> > Unfortunately, that is not possible. E.g. typo3 calls Imagemagick, so I
> > need system().
>
> Hmmm ... ok
>
> are you aware you can override many php.ini settings on a per directory
> basis or even per vhost basis (I think)? If you didn't have too many
> exceptions, you could deny system() globally, then allow it just for
> trusted users or scripts.
>
> Hope this is practical,
> Dave
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"