Hi,
In the past plesk used to disable php functions like exec passthru shell_exec system etc. I noticed that this isn't the case anymore and by default only opcache_get_status is disabled.
I wonder if this is the best and secure configuration. We currently use Cloudlinux (7 and 8) with lsphp (alt-php) and cagefs so most of the securityrisk are beeing taken care of by cagefs. However, if a site gets compromised a hacker can still deploy and run some scripts/binary's within this cage i guess. Also, is it really needed to disable opcache_get_status if you use lsphp as there is a php process for each user within his own cage.
I started this thread with the idea of finding out how other hosting companies configure php and think about these features.
In the past plesk used to disable php functions like exec passthru shell_exec system etc. I noticed that this isn't the case anymore and by default only opcache_get_status is disabled.
I wonder if this is the best and secure configuration. We currently use Cloudlinux (7 and 8) with lsphp (alt-php) and cagefs so most of the securityrisk are beeing taken care of by cagefs. However, if a site gets compromised a hacker can still deploy and run some scripts/binary's within this cage i guess. Also, is it really needed to disable opcache_get_status if you use lsphp as there is a php process for each user within his own cage.
I started this thread with the idea of finding out how other hosting companies configure php and think about these features.