[prev in list] [next in list] [prev in thread] [next in thread]
List: php-general
Subject: [PHP] php-fpm, chroot & apc/opcache key collision
From: etienne.champetier () free ! fr
Date: 2014-02-27 13:11:06
Message-ID: 166771576.1110535102.1393506666795.JavaMail.root () zimbra65-e11 ! priv ! proxad ! net
[Download RAW message or body]
Hi,
I'm running multiple php site, with nginx 1.4 + php-fpm 5.3 (on centos 6.5, i'm also \
considering php 5.5), and i'm looking into ways to secure my setup and the best way \
seems to use chroot.
I'm using apc and i will use opcache, and they both use the full path as key in the \
cache, and with chroot you might and up with collision.
The problem is that by default opcache.revalidate_freq is at 2sec,
so you can 'attack' a secure chroot from a compromised one (i've tested it and it \
work perfectly). (same can happen with apc.stat=0)
So how to use php-fpm, chroot and apc/opcache?
Thanks in advance
Etienne
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic