PHP CHUID: ZTS Support
Currently chuid does not support ZTS well: the reason is that UID/GID flags in Linux are per-process rather than per-thread. However, Linux capabilities are per-thread. This fact allows to use chuid in a threaded php (e.g., threaded pcgi PHP server we develop).
The idea is that even though we cannot switch the thread to the unprivileged user ID, we still can limit the thread in what it can do — the only capability the thread might need is CAP_DAC_
Ideally we should not allow the user to access files it would not be able to use if it did not have CAP_DAC_READ_SEARCH capability.
EDIT 20111003: ZTS support has been dropped as currently there's no sense to use php-chuid with a multithreaded web server. E.g., Apache will refuse to run as root.
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Not
- Drafter:
- None
- Direction:
- Approved
- Assignee:
- None
- Definition:
- Approved
- Series goal:
- None
- Implementation:
- Deferred
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
ZTS support has been dropped as currently there's no sense to use php-chuid with a multithreaded web server. E.g., Apache will refuse to run as root.