preventing a user to start a process
Todor Dragnev
todor.dragnev at gmail.com
Wed Jul 27 14:01:56 GMT 2005
Before years I do a lot of testings with LIDS and grsecurity on linux. With
these tools is possible to set rules what system commands or which files(by
inodes) can be accessed from user or process (pid or name). I have no
experience with freebsd, but maybe it is possible to solve problem in same
way.
On Wednesday 27 July 2005 09:58, David Hogan wrote:
> > Unfortunately, that is not possible. E.g. typo3 calls Imagemagick, so I
> > need system().
>
> Hmmm ... ok
>
> are you aware you can override many php.ini settings on a per directory
> basis or even per vhost basis (I think) ? If you didn't have too many
> exceptions, you could deny system() globally, then allow it just for
> trusted users or scripts.
>
> Hope this is practical,
> Dave
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
More information about the freebsd-isp
mailing list