[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-general
Subject:    [PHP] php-fpm, chroot & apc/opcache key collision
From:       etienne.champetier () free ! fr
Date:       2014-02-27 13:11:06
Message-ID: 166771576.1110535102.1393506666795.JavaMail.root () zimbra65-e11 ! priv ! proxad ! net
[Download RAW message or body]

Hi,

I'm running multiple php site, with nginx 1.4 + php-fpm 5.3 (on centos 6.5, i'm also \
considering php 5.5), and i'm looking into ways to secure my setup and the best way \
seems to use chroot.

I'm using apc and i will use opcache, and they both use the full path as key in the \
cache, and with chroot you might and up with collision.

The problem is that by default opcache.revalidate_freq is at 2sec,
so you can 'attack' a secure chroot from a compromised one (i've tested it and it \
work perfectly). (same can happen with apc.stat=0)

So how to use php-fpm, chroot and apc/opcache?

Thanks in advance
Etienne

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[prev in list] [next in list] [prev in thread] [next in thread]