On 10/24/2011 12:23 AM, Michal Suchanek wrote:
> Hello,
>
> On 22 October 2011 23:55, Jorge Bo <jorgebo10 / gmail.com> wrote:
>> Hi,
>>
>> I'm a student at the University and currently searching for a
>> topic for my diploma thesis. I would really like to do something
>> Ruby-security related. However, i dont have much knowledge about ruby
>> security i think pehhaps those much involve in Ruby could give me an advice.
> One thing where Ruby is lacking compared to PHP is user isolation on
> shared web hosting.
>
> This is less of an issue with full machine virtualization becoming
> commonplace but still poses barrier to entry in implementing Ruby as
> an alternative to PHP.
>
> A good security topic might be evaluating security of shared PHP
> hosting and either refute there is any security at all or implement
> comparably secure Ruby plugin suitable for shared hosting in
> Apache/nginx/other web server.
>
> Thanks
>
> Michal
>
'thin' and 'unicorn' (just to name some examples) both have built in
support for chrooting under another uid/gid, and even if they wouldn't,
nothing is stopping their root from chrooting them manually, so it has
nothing to do with php at all.

Greets, Chris