
CloudLinux busted — twice


Posted Jun 28, 2012 19:50 UTC (Thu) by geofft (subscriber, #59789)
Parent article: CloudLinux busted — twice

We do a "hack", which is not a pretty one, populating /sys with .htaccess files. This is really needed only by shared hosters, where one of the end users on the server could be a hacker and could create symlinks that would later be followed by apache to read privileged information.

So, uh, why can't they just write their own file system that just exposes a .htaccess in every single directory, and union-mount / overlayfs / aufs it on top of /sys?



CloudLinux busted — twice

Posted Jun 29, 2012 7:10 UTC (Fri) by ekj (guest, #1524)

Rube Goldberg would be proud!

A separate file-system, union-mounted on top of every filesystem in the machine, all in order to avoid actually configuring Apache correctly.

CloudLinux busted — twice

Posted Jun 29, 2012 11:25 UTC (Fri) by robbe (guest, #16131)

What about a kernel module that on every open() looks if the file has "<VirtualHost" somewhere in it, and rewrites the configuration to something safe on read() in this case? This wonderful piece of technology would need to be closed-source, of course.

CloudLinux busted — twice

Posted Jul 5, 2012 14:51 UTC (Thu) by njs (guest, #40338)

Of course. I know that if *I* put work into programming such a unique feature, I'd certainly not want anyone else to be able to see.
