Results 1 to 2 of 2
  1. #1

    Mod_php security risks

    It seems to me that if you don't want to use PHP as a cgi with suphp or some other wrapper and go down the mod_php route you have to accept that it is very insecure. (in the sense that one user can read the site files of other users and browse through the hosting directory, even with safe mode on)

    It's got me thinking that this is possible because of the file system functions built into php so wouldn't it be a reasonable idea to add some chroot type setup to the fopen setup.

    Something reasonable simple would be to have a setting in the php.ini file similar to the base_dir say /hosts/*/ so that php could understand that if it's working in /hosts/domain.com/file.php that it can't carry out any file activity on /hosts/badidea.com/

    Even easier would be for php file activity to only work on it's current working directory down so that it can't work it's way up beyond it's current dir although I guess that would cause issues for quite a lot of software.

    Anyone ever considered this or found any other ways of just preventing the casual hacker from seeing too much of the server?
    Colocation and Dedicated Servers
    www.nwcolo.co.uk

  2. #2
    Sorry to answer my own question here but there may be something possible.

    open_basedir will lock php into say /hosts/ but that still gives one user access to read the files from the user next door.

    My idea would be to modify the fopen_wrapper.c file so that open_basedir is set dynamically to /hosts/domain.com/ each time php runs a secript.

    Only issue now, does php set open_basedir each time a php script is run or does it read it once from the conf file and apply the same setting every time?
    Colocation and Dedicated Servers
    www.nwcolo.co.uk

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •