The discussion here.
https://forum.hestiacp.com/t/is-hestiac ... tack/14909
https://smitka.me/2024/06/03/teaser-vla ... -industry/
https://smitka.me/2024/06/08/vladimir-v ... r-php-fpm/
https://smitka.me/2024/06/25/vladimir-v ... ix-socket/
Is myvestacp secure from local attack?
-
myVesta
- Site Admin
- Posts: 963
- Joined: Fri Jun 19, 2020 9:59 am
- Has thanked: 10 times
- Been thanked: 6 times
In default variant (nginx+apache+phpfpm) = not vulnerable, because open_basedir will prevent access to /var/run/php/
In the nginx+phpfpm variant (installed on less than 1% of myvestacp servers) = it is vulnerable from the local environment because PHP-FPM uses a local TCP port that another user can access. However, we believe that nobody uses this variant for shared hosting.
In the nginx+phpfpm variant (installed on less than 1% of myvestacp servers) = it is vulnerable from the local environment because PHP-FPM uses a local TCP port that another user can access. However, we believe that nobody uses this variant for shared hosting.