Bugtraq mailing list archives
Re: [BUGTRAQ] php breaks safe mode
From: Krzysztof Dabrowski <brushlst () pol pl>
Date: Fri, 06 Jul 2001 11:00:29 +0200
Hello, A think that there is a lot of misunderstanding about how safe/unsafe your mod_php installatin can be. Here follows my explanations:1. Run your webserver in a chroot enviroment - this wont solve ALL your problems, but it certainly helps.
<? system("killall -9 httpd"); ?> Not completely true. Apache's master process still runs as root, someone with access as the web user could kill the child processes which are passed new requests, but they would be restarted.
2. Use safe mode.And use it with conjuction with "safe_mode_exec_dir" directive. Set it to you "trusted" bins dir, and it'll allow people to run binaries ONLY from this dir.
The more insidous problem with using PHP (module) on an Apache setup is that any user can access the scripts of any other user account. The web server user needs reads access to every file to serve it, the Apache process runs every user's code under the same account (unless its compiled as a CGI and suexec is setup, but that causes its own problems), allowing someone to go through the database of a ecom company hosted on the same server quite easily.
3. User "open_basedir" Set it to (together): a) User's dir b) public include dir Now your users wont be able to snoop into others dirs4. Do not use "sendmail" or similar program to send mail from php (and certainly do not put sendmail binary into your trusted path). Use sockets based php email class (available on the net).
Using these techniques, you can get reasonably safe mod_php installation. Kris
Current thread:
- Re: [BUGTRAQ] php breaks safe mode Krzysztof Dabrowski (Jul 06)