question on php security
I've FreeBSD machine with Apache + php in suexec mode.
Now, each php script works with privileges of right user and It working correctly.
I've one problem. Users can look into system directories and files, like /etc/passwd. How to protect it? For some reasons, I don't want allow users to look into other places than their account.
How to do it?
I must have safe_mode disabled.
Thanks for help
cPanel.net Support Ticket Number:
At least the Linux version has an option to enable the PHP option open_basedir for each virtual host in the "Tweak Security" section. Even if it's not there, you can add it to your httpd.conf.
This prohibits PHP scripts from reading from or writing to a file outside of the directories listed in the open_basedir setting.
It is much more flexible solution than safe mode.
cPanel.net Support Ticket Number:
Not. I can't do it in this way, because php is working as cgi not as apache module. And it not depend on my OS.Originally posted by cortices
[B]At least the Linux version has an option to enable the PHP option open_basedir for each virtual host in the "Tweak Security" section. Even if it's not there, you can add it to your httpd.conf.
Any other ideas?
Jarek
cPanel.net Support Ticket Number:
Out of interest how did you setup apache+php with suexec on FreeBSD?
cPanel.net Support Ticket Number:
/scripts/easyapache or Apache Update in WHM. Works well. PHP is working as CGI, not as mod_php4.so.Originally posted by munk
Out of interest how did you setup apache+php with suexec on FreeBSD?
cPanel.net Support Ticket Number:
Ah right thanks for the tip. This is something we need to consider as well since bounces from CGI scripts always come back to the user apache is running as which is highly annoying.
Sorry I can't help right nowPerhaps a jail/chroot solution to lock users into their home directories?
cPanel.net Support Ticket Number:
LinkBack URL
About LinkBacks
Reply With Quote