-
06-30-2009, 12:10 AM #1 Junior Guru Wannabe
- Join Date: Jun 2009
- Posts: 33
Control panel written in php - security question
Hi,
I am kind of new to PHP.
I am developing a site, similar to a control panel, where people could register for an account and upload their web pages.
When people register an account, a folder will be created for the user and will be named with his/her username. However, this folder will be owned by the Linux user “http”, since pages will be uploaded by people via a control panel written in PHP. So folders allocated to users, and any file that gets uploaded via the control panel, will all be owned by the Linux user “http” with permission 755.
Customer authentication is performed using a table stored in MySQL. No Linux user account will be created when a person registers for a webspace/account.
Now this is my question:
If a CUSTOMER uploads a script, let's say written in PHP, to read any file accessible by the Linux user “http”, won't he be able to see the contents of those files, including /etc/passwd?
How do we prevent it? Or is there a better design?
-
06-30-2009, 09:44 AM #2 Temporarily Suspended
- Join Date: Apr 2009
- Location: localhost
- Posts: 175
Yes... he might be able to see those details. One way to prevent this is to enable the open_basedir option in PHP. So the scripts can only run inside the specific folders.
Another option, I think, is to create your own encryption algorithm by which you rename the files inside before storing them and decrypt them when they need to be downloaded.
-
06-30-2009, 07:24 PM #3 Retired Moderator
- Join Date: Feb 2005
- Location: Australia
- Posts: 5,849
Viewing /etc/passwd isn't that big a deal, but you'll have no good way to separate customers from each other. The "better design" is the conventional shared-hosting model where each customer is set up as a different Linux user and every user is isolated by file ownership and permissions. If you go ahead with a system like you describe then you should aim to prevent your clients running their own scripts (i.e. block execution of both CGI and PHP (edit: and SSI) in client-accessible areas).
Slightly OT: You might want to look at WordPress MU because it sounds like you may be reinventing it.
Chris
"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter
-
07-01-2009, 02:58 AM #4 Junior Guru Wannabe
- Join Date: Jun 2009
- Posts: 33
Yes, I guess a "better design" is what I should be looking for. Should use Linux users.
I found an article on the net that seems to address my concern.
jimkeller.blogspot.com/2008/01/php-security-in-shared-hosting.html
Thanks a lot, folks, for your advice.
Regards.
-
07-07-2009, 07:47 PM #5 Junior Guru Wannabe
- Join Date: Aug 2007
- Location: Brighton, UK
- Posts: 66
We found that the conventional shared hosting model was still weak from a security standpoint because many scripts tell you to chmod some of their files to world-readable during the install process. This resulted in many of our users having MySQL passwords stored and visible to anyone who was looking. Eventually someone did look and we were in trouble. PHP's open_basedir doesn't cover you completely because of SSI and CGI.
The solution that we came up with was to configure Apache to run all PHP as CGI and then hack Apache's suexec.c to call chroot() before changing to the user. This gave us PHP that ran as the user chrooted to their home directory, which contained a copy of the FreeBSD base system hardlinked in. This effectively isolates each user and also discourages them from applying insecure file permissions because they're simply not needed. To this day we've had no further security problems.
I believe you can essentially do the things I describe now with suPHP and the like, but I haven't tried, as we're still using the CGI method with our custom Apache patch.
Of course, if you don't want your users to be able to run scripts at all then you needn't worry about any of this. But if you do, then I would strongly advise creating separate proper UNIX accounts for each of your users and having their scripts run as them. foobic's right: it's not /etc/passwd you wanna be worried about, that file contains no plaintext passwords, but unfortunately eventually there will be other files on your server that do.
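Post #5 above reports installers leaving files world-readable and exposing customers' MySQL passwords. As an added example (not part of the thread or any poster's code), this shell script audits a hosting tree for world-readable files containing credential-looking strings and tightens their mode; the function names, file-name patterns, regex and demo tree are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: find world-readable files that appear to hold database
# credentials under a shared-hosting root. Paths and contents are constructed.

# Print regular files under $1 with the other-read bit set whose contents
# contain a credential-looking token (patterns are illustrative assumptions).
find_exposed_credentials() {
    root=$1
    find "$root" -type f -perm -004 \
        \( -name '*.php' -o -name '*.inc' -o -name '*.ini' -o -name '.env' \) \
        -exec grep -lEi '(db_?pass(word)?|mysql_connect)' {} + 2>/dev/null | sort
}

# Remove group/other access from each path read on stdin (one path per line).
fix_permissions() {
    while IFS= read -r f; do
        chmod go-rwx "$f"
    done
}

# Build a constructed two-customer tree and print its location.
make_demo_tree() {
    demo=$(mktemp -d)
    mkdir -p "$demo/alice/public_html" "$demo/bob/public_html"
    printf '<?php $db_password = "constructed-secret"; ?>\n' \
        > "$demo/alice/public_html/config.php"
    printf '<?php $db_password = "constructed-secret"; ?>\n' \
        > "$demo/bob/public_html/config.php"
    printf '<?php echo "hello"; ?>\n' > "$demo/bob/public_html/index.php"
    chmod 644 "$demo/alice/public_html/config.php"  # mode many installers ask for
    chmod 600 "$demo/bob/public_html/config.php"    # owner-only: not reported
    chmod 644 "$demo/bob/public_html/index.php"     # readable but holds no secret
    printf '%s\n' "$demo"
}

demo_root=$(make_demo_tree)
echo "Exposed before fix:"
find_exposed_credentials "$demo_root"
find_exposed_credentials "$demo_root" | fix_permissions
echo "Exposed after fix: $(find_exposed_credentials "$demo_root" | wc -l)"
rm -rf "$demo_root"
```

Owner-only modes only help when each customer's scripts run as that customer's own UNIX account, as the posts above recommend; file names containing newlines are not handled by `fix_permissions`.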
-
07-08-2009, 08:07 AM #6 Junior Guru
- Join Date: May 2009
- Location: Ulyanovsk, Russia
- Posts: 204
-
07-10-2009, 06:01 AM #7 Web Hosting Master
- Join Date: May 2009
- Posts: 1,547
Creating UNIX accounts is the only way to get out of the situation.
Otherwise users who have SSH access will be able to browse through all the files.