[ale] is there hope for securing php?

Leam Hall leamhall at gmail.com
Wed Jun 6 05:12:43 EDT 2012


On 06/05/2012 11:48 PM, Jim Kinney wrote:
> http://koji.fedoraproject.org/koji/packageinfo?packageID=7917
>
> There is a selinux package for php that can be used to wrap it with
> kernel armor that, in an selinux way, can be used to block privilege
> escalations and unauthorized file writes.
>
> It still requires an selinux guru to totally hack the rules into a
> custom form for a web app but the wrapper does exist.
>
> This would make drupal and wordpress not quite so scary to run.
>

The difference between PHP and most other web-facing languages is usage,
not vulnerabilities. Because PHP is used to interact with users, and
abusers, there will always be issues with how the code is written.

While PHP has room for improvement, I have not seen that the language 
itself is any worse than the other scripting languages out there.

The key issue is that PHP scripts run as the webserver and you have to 
code heavily against privilege escalation outside of what your webpage 
should do.

Leam

