On 2013-08-11 Reindl Harald wrote: > Am 10.08.2013 16:52, schrieb Tobias Kreidl: >> It is for this specific reason that utilities like suPHP can be used >> as a powerful tool to at least keep the account user from shooting >> anyone but him/herself in the foot because of any configuration or >> broken security issues. Allowing suexec to anyone but a seasoned, >> responsible admin is IMO a recipe for disaster. > > and what makes you believe that a developer can not be a "seasoned, > responsible admin"? Most developers I have met would focus on getting new features to work rather than secure/reliable operation of the deployed software. > bullshit, many of the "seasoned, responsible admins" which are only > admins are unable to really understand the implications of whatever > config they rollout Apparently you still haven't learned your lesson from being banned from the postfix-users mailing list. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
