Re: php breaks safe mode

[Patrick Oonk <patrick () pine nl>]

On Mon, Jul 02, 2001 at 06:51:37PM +0200, Joost Pol wrote:
> On Mon, Jul 02, 2001 at 05:02:50PM +0200, Laurent Papier wrote:
>
> > I think safe_mode should always be used with open_basedir directive in
> > order to limit user filesystem access.
> > As error_log is limited by open_basedir, suexec is not needed to have a
> > secure system as long as open_basedir is correctly set.
> >
> > I see nothing wrong allowing user to use error_log.
> > I don't think PHP-team should change the error-log function.
>
> This will only help when the directory specified in the open_basedir
> directive is a directory in which php code is not interperted. Or a
> directory which is not accesible by the user.
>
> If the directory specified is still accesible by the user, a "malicous"
> user could log php-code to an error log and have it interperted.
>
> Since the error log would be owned by the uid of the webserver, 
> the phpcode logged to the errorlog will be executed with the uid 
> of the webserver.
>
> (eg: log 'showsource($foo)' to bar.php3 and then later execute the 
>      bar.php3 script. bar.php3?foo=/path/to/access_log)
>
> The user could then read and/or write to files owned by the uid of
> the webserver. (not a Good Thing)

SANS has a pretty good php security tutorial at
http://www.sans.org/infosecFAQ/sysadmin/PHP_sec.htm
 

-- 
 Patrick Oonk - PO1-6BONE - E: patrick () pine nl - www.pine.nl/~patrick
 Pine Internet  -  PAT31337-RIPE  -   Hushmail: p.oonk () my security nl
 T: +31-70-3111010  -   F: +31-70-3111011   -  http://security.nl
 PGPID 155C3934 fp DD29 1787 8F49 51B8 4FDF  2F64 A65C 42AE 155C 3934
 Excuse of the day: Electrical conduits in machine room are
 melting.