Hi.

On Tue, 24 Dec 2013 08:57:36 +0100
Raffaele Morelli <raffaele.more...@gmail.com> wrote:

> Keep in mind that if a php script is owned by the root user and there's a
> security hole in it, an attacker can easily access every block of your file
> system.

Executing a root-owned php script by the www-data user will give you a process
which is owned by www-data.
Executing a root-owned SUID php script by the www-data user will give you a
process (surprise!) which is owned by www-data.

You should try it yourself sometime.

Now, if the disks' block devices are owned by www-data too, that really can
be a problem. Or if the disks' block devices had permissions that allowed
www-data to read from them. Since in a stock Debian configuration
there are no such block or char devices - there is no problem.

Reco
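
The check the reply describes, whether any block device is owned by www-data or readable to it, as an added example that is not part of the original message. The function names and the sample `stat` lines are constructed for illustration; only classic mode bits are evaluated, so ACLs and capabilities are not considered.

```bash
#!/usr/bin/env bash
# Added example. Live use (www-data is the account named in the message):
#   find /dev -type b -exec stat -c '%a %U %G %n' {} + |
#       audit_devices www-data "$(id -Gn www-data)"
# Only classic mode bits are evaluated; ACLs and capabilities are ignored.

# dev_access USER "GROUP LIST" MODE OWNER GROUP -> prints rw, r, w or none
dev_access() {
    local user=$1 ugroups=$2 mode=$3 owner=$4 group=$5
    local perm=$(( 8#$mode & 0777 )) bits out=""
    if [ "$user" = "$owner" ]; then
        bits=$(( (perm >> 6) & 7 ))      # owner class applies
    elif [[ " $ugroups " == *" $group "* ]]; then
        bits=$(( (perm >> 3) & 7 ))      # group class applies
    else
        bits=$(( perm & 7 ))             # "other" class applies
    fi
    if (( bits & 4 )); then out+="r"; fi
    if (( bits & 2 )); then out+="w"; fi
    echo "${out:-none}"
}

# audit_devices USER "GROUP LIST": reads stat lines on stdin, reports devices
# the account can open, and returns 1 if at least one was found.
audit_devices() {
    local user=$1 ugroups=$2 found=0 mode owner group name acc
    while read -r mode owner group name; do
        [ -n "$mode" ] || continue
        acc=$(dev_access "$user" "$ugroups" "$mode" "$owner" "$group")
        if [ "$acc" != none ]; then
            echo "$name: $user has $acc access (mode $mode, $owner:$group)"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample: the first two lines match stock Debian (root:disk 660).
sample_stat_lines() {
    printf '%s\n' '660 root disk /dev/sda' '660 root disk /dev/sda1' \
                  '640 www-data disk /dev/sdb' '664 root disk /dev/sdc'
}

sample_stat_lines | audit_devices www-data "www-data" || true
```

A non-zero return from `audit_devices` means the account can open at least one block device directly, which is the case the message singles out as the real problem.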

