Running Perl / CGI from noexec partition
I want to mount the partition /home as noexec and then still be able to execute perl / cgi files. I know this is not possible under Apache. Is this possible or already supported under llitespeed **?
The main reason for this is that sometimes client's accounts get hacked. Apache is such that it can allow the running of programs that they upload sometimes to the server. While it's possible to track down the files and harden against those systems, I would like to prevent them from the beginning.
I think it may not be possible, even though there is a trick can execute an executable on noexec partition. But it is just a hack, may be disabled in later release.
To better deal with vnlerable scripts, my suggestion is to harden the security on your server as much as you can, and chroot if you can, even when they upload some bad scripts, the script may not able to execute in a chroot jail due to missing system commands or someting. Even when the script get executed, it will not able to do harm to your system files.
LSWS provides you such a platform that you can implement those easily. :-)
|All times are GMT -7. The time now is 06:22 AM.|