[21380] in bugtraq


Re: [BUGTRAQ] php breaks safe mode

daemon@ATHENA.MIT.EDU (Krzysztof Dabrowski)
Fri Jul 6 15:33:34 2001

Message-Id: <5.1.0.14.0.20010706110027.03393fe0@poczta.pol.pl>
Date: Fri, 06 Jul 2001 11:00:29 +0200
To: bugtraq@securityfocus.com
From: Krzysztof Dabrowski <brushlst@pol.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

Hello,

I think that there is a lot of misunderstanding about how safe/unsafe your
mod_php installation can be.

Here follow my explanations:

1. Run your webserver in a chroot environment - this won't solve ALL your 
problems, but it certainly helps.

><? system("killall -9 httpd"); ?>
>
>Not completely true.  Apache's master process still runs as root, someone
>with access as the web user could kill the child processes which are passed
>new requests, but they would be restarted.

2. Use safe mode.

And use it in conjunction with the "safe_mode_exec_dir" directive. Set it to 
your "trusted" bins dir, and it'll allow people to run binaries ONLY from 
this dir.

>The more insidious problem with using PHP (module) on an Apache setup is that
>any user can access the scripts of any other user account.  The web server
>user needs read access to every file to serve it, the Apache process runs
>every user's code under the same account (unless it's compiled as a CGI and
>suexec is set up, but that causes its own problems), allowing someone to
>go through the database of an ecom company hosted on the same server quite
>easily.

3. Use "open_basedir"

Set it to (together):
a) User's dir
b) public include dir

Now your users won't be able to snoop into others' dirs.

4. Do not use "sendmail" or a similar program to send mail from php (and 
certainly do not put the sendmail binary into your trusted path). Use a 
sockets-based php email class (available on the net).

Using these techniques, you can get a reasonably safe mod_php installation.

Kris
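
Points 2 and 3 above written out as a per-virtual-host Apache configuration, next to an unrestricted virtual host for comparison; this is an added example, not part of the original message. The host name, user name and directory paths are placeholders.

```apache
# Constructed example: alice, example.com and all paths are placeholders.

# Before: no per-user restriction. Scripts in this virtual host run as the
# web server user and can open any file that user can read, including the
# scripts and include files of other customers on the same machine.
<VirtualHost *:80>
    ServerName   alice.example.com
    DocumentRoot /home/alice/public_html
</VirtualHost>

# After: safe mode plus a per-user open_basedir.
<VirtualHost *:80>
    ServerName   alice.example.com
    DocumentRoot /home/alice/public_html

    # php_admin_* settings can only be set in the server configuration;
    # a user's .htaccess or ini_set() call cannot override them.
    # (safe_mode and safe_mode_exec_dir exist only in PHP versions before
    # 5.4.0, where they were removed.)
    php_admin_flag  safe_mode on

    # Point 2: under safe mode, system()/exec() may only run binaries that
    # live in this directory. Keep it small and leave sendmail out (point 4).
    php_admin_value safe_mode_exec_dir /usr/local/php-trusted-bin

    # Point 3: file functions are confined to (a) the user's own directory
    # and (b) the public include directory, separated by ':' on Unix.
    # The trailing slashes matter on old PHP versions, which treat the value
    # as a prefix: "/home/alice" would also match "/home/alice2".
    php_admin_value open_basedir "/home/alice/:/usr/local/lib/php-include/"
</VirtualHost>
```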

