View Single Post
Old 09-12-07, 08:46 AM   #7
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: The best security ?

I wanted to add mod_chroot as an option as well for a layered security approach. If the webserver is compromised the system won't be if there's a properly chrooted environment.

One thing to note, PHP's mail() function depends on sendmail and/or other binary. The system() and other shell functions depend on a working shell. I statically compiled mini_sendmail for the chrooted environment. I also use busybox-static from the repo's hardlinked into the chrooted environment.
evilghost is offline   Reply With Quote