Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
duskwuff
on Jan 30, 2020
|
parent
|
context
|
favorite
| on:
Facebook PHP Source Code from August 2007
`chroot()` has no place in a web application. The system call requires the process to be running as root.
voltagex_
on Jan 31, 2020
[–]
Can you call that and then drop permissions?
duskwuff
on Jan 31, 2020
|
parent
[–]
In theory, yes. But that's still bad, because it means that a nontrivial amount of your application code (as well as whatever is launching it, like the PHP-FPM server or the web server) is running as root.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
