-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I know this is old, does it mean it won't change?
I wanted to do exactly the same than Alexander, this is in my opinion a huge security feature. Eg: i wanted to avoid the use of a wrapper and call directly php-cgi with the right environment variable (i'm not even sure if it's possible), + use the Trusted path execution security feature of grsecurity to prevent all users from running any binary not root-owned. This would prevent local users from modifying their wrapper script and also help to add stronger security measures. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk8kGu8ACgkQwt4vS/saKMK0xwCfeXau3yLXOjmZxqyh4wkkszBy rzMAnjHjJGowW3dRHKutENhkMGuj6VoQ =H1Ta -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
