The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

open_basedir doesn't protect well...

Discussion in 'General Discussion' started by jandafields, Feb 3, 2005.

  1. jandafields

    jandafields Well-Known Member

    Joined:
    May 6, 2004
    Messages:
    426
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I am using a php script that allows me to enter a command into the browser, and it executes it with exec().

    If I say "ls /home" it says Permission denied

    However if I say "ls /etc" it works

    Here is my open_basedir config :

    php_admin_value open_basedir "/home/user/:/usr/lib/php:/usr/local/lib/php:/tmp:/home/sqmail"

    Why is it allowing access to /etc (and many more directories) but it does not allow access to anything in /home except the users own stuff.

    I am using suexec and phpsuexec.

    Phpsuexec-support is not checked in the Apache update checklist for building - I don't know what implications that has but that is another issue.
     
  2. jandafields

    jandafields Well-Known Member

    Joined:
    May 6, 2004
    Messages:
    426
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I can easily read lots of files (logs, conf, etc) from a normal users account using php and the browser - no shell access needed.

    Please help!
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yup, that's perfectly normal. If you want to stop that you need to disable the exec() and similar commands in php.ini - try a search on the forums.
     
  4. jandafields

    jandafields Well-Known Member

    Joined:
    May 6, 2004
    Messages:
    426
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    How does it stop from viewing /home but not /etc?

    Also, disabling exec() system(), etc breaks certain commercially available php software.
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Because of file permissions. /home is usually chmod 711 whereas /etc is 755 (I believe, my systems are locked down). These are common issue with shared web hosting and users will always be able to look around your server to a great extent. Restricting in PHP is something of a moot point, anyway, since you cannot do the same with perl scripts.
     
  6. jandafields

    jandafields Well-Known Member

    Joined:
    May 6, 2004
    Messages:
    426
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Update: I seemed to have fixed this issue by using mod_security.
     
Loading...

Share This Page