Hah. Right now, web server engineers are facing one hell of a challenge - security in multi-user environments with server side modules like PHP or mod_perl. Here's what I mean:If I write a standard cgi script, I can set the permissions for that script in such a manner that no-one can read it or execute it but my own username, and that's ok, because apache has su_exec. I'd want to do this because things like mysql passwords could be contained in the script.
If I write a PHP script, though, Apache doesn't start a separate process to manage each PHP script. This is a problem because you cannot chroot() or setuid(). Thus, PHP scripts run as <insert your apache username>. Thus, if I'm on an ISP, I can write a PHP script to read fred's Mysql password out of his PHP script.
There is a minimal solution to the problem -- php Safe mode -- but that seems to need quite a bit of work before I call it industrial grade.
mod_perl will increase performance of software execution a lot at the cost of the standard security model. Makes me wish there was a better way to start "jail threads" - since mod_perl just leaves a bunch of perl interpreters laying around for all of the scripts, it could be done in a jail thread that was chrooted and setuid'd.
