[ale] is there hope for securing php?
Leam Hall
leamhall at gmail.com
Wed Jun 6 05:12:43 EDT 2012
On 06/05/2012 11:48 PM, Jim Kinney wrote:
> http://koji.fedoraproject.org/koji/packageinfo?packageID=7917
>
> There is a selinux package for php that can be used to wrap it with
> kernel armor that, in an selinux way, can be used to block privilege
> escalations and unauthorized file writes.
>
> It still requires an selinux guru to totally hack the rules into a
> custom form for a web app but the wrapper does exist.
>
> This would make drupal and wordpress not quite so scary to run.
>
The difference between PHP and most other web-facing languages is usage,
not vulnerabilities. Because PHP is used to interact with users, and
abusers, there will always be issues with how the code is written.

While PHP has room for improvement, I have not seen that the language
itself is any worse than the other scripting languages out there.

The key issue is that PHP scripts run as the webserver and you have to
code heavily against privilege escalation outside of what your webpage
should do.

Leam