Re: [BUGTRAQ] php breaks safe mode

[Krzysztof Dabrowski <brushlst () pol pl>]

Hello,

A think that there is a lot of misunderstanding about how safe/unsafe your
mod_php installatin can be.

Here follows my explanations:

1. Run your webserver in a chroot enviroment - this wont solve ALL your 
problems, but it certainly helps.

> <? system("killall -9 httpd"); ?>
>
> Not completely true.  Apache's master process still runs as root, someone
> with access as the web user could kill the child processes which are passed
> new requests, but they would be restarted.

2. Use safe mode.

And use it with conjuction with "safe_mode_exec_dir" directive. Set it to 
you "trusted" bins dir, and it'll allow people to run binaries ONLY from 
this dir.

> The more insidous problem with using PHP (module) on an Apache setup is that
> any user can access the scripts of any other user account.  The web server
> user needs reads access to every file to serve it, the Apache process runs
> every user's code under the same account (unless its compiled as a CGI and
> suexec is setup, but that causes its own problems), allowing someone to
> go through the database of a ecom company hosted on the same server quite
> easily.

3. User "open_basedir"

Set it to (together):
a) User's dir
b) public include dir

Now your users wont be able to snoop into others dirs

4. Do not use "sendmail" or similar program to send mail from php (and 
certainly do not put sendmail binary into your trusted path). Use sockets 
based php email class (available on the net).

Using these techniques, you can get reasonably safe mod_php installation.

Kris