question on php security

Discussion in 'Security' started by jarek, Sep 16, 2003.

  1. jarek

    I have a FreeBSD machine with Apache + PHP in suexec mode.

    Now, each PHP script runs with the privileges of the right user, and it is working correctly.

    I have one problem. Users can look into system directories and files, like /etc/passwd. How can I protect against it? For some reasons, I don't want to allow users to look into places other than their own account.

    How can I do it?

    I must have safe_mode disabled.

    Thanks for the help.

  2. cortices

    At least the Linux version has an option to enable the PHP option open_basedir for each virtual host in the "Tweak Security" section. Even if it's not there, you can add it to your httpd.conf.

    This prohibits PHP scripts from reading from or writing to a file outside of the directories listed in the open_basedir setting.

    It is a much more flexible solution than safe mode.

    cPanel.net Support Ticket Number:
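
A check for the per-virtual-host open_basedir setting suggested in the post above, as an added example that is not part of the thread or of cPanel's tooling: it scans an httpd.conf for `<VirtualHost>` blocks whose `php_admin_value open_basedir` is missing or lists paths outside the account. The sample configuration is constructed; the `/home/<user>` layout, the `/tmp` allowance, and PHP running as an Apache module (so that `php_admin_value` applies) are assumptions.

```python
import re

# Constructed sample httpd.conf fragment (not from the thread).
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:80>
    ServerName alice.example.com
    DocumentRoot /home/alice/public_html
    php_admin_value open_basedir "/home/alice:/tmp"
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName bob.example.com
    DocumentRoot /home/bob/public_html
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName carol.example.com
    DocumentRoot /home/carol/public_html
    php_admin_value open_basedir "/home/carol:/etc"
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directive(block, name):
    """Return the argument string of the first `name ...` directive, or None."""
    m = re.search(r"^[ \t]*" + name + r"[ \t]+(.+?)[ \t]*$", block, re.M | re.I)
    return m.group(1).strip('"') if m else None

def audit(conf_text):
    """Return {ServerName: finding} for vhosts with a missing or too-wide open_basedir."""
    findings = {}
    for block in VHOST_RE.findall(conf_text):
        name = directive(block, "ServerName") or "(unnamed)"
        docroot = directive(block, "DocumentRoot") or ""
        basedir = directive(block, r"php_admin_value[ \t]+open_basedir")
        if basedir is None:
            findings[name] = "open_basedir not set"
            continue
        # Assumption: accounts live in /home/<user>; only that tree and /tmp are expected.
        home = "/".join(docroot.split("/")[:3])          # e.g. /home/alice
        extra = [p for p in basedir.split(":") if p != "/tmp"
                 and not (home and (p == home or p.startswith(home + "/")))]
        if extra:
            findings[name] = "allows paths outside account: " + ", ".join(extra)
    return findings

if __name__ == "__main__":
    for host, problem in audit(SAMPLE_CONF).items():
        print(host, "->", problem)
```
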
     
  3. jarek

    No. I can't do it this way, because PHP is working as CGI, not as an Apache module. And it does not depend on my OS.

    Any other ideas?

    Jarek

  4. munk

    Out of interest, how did you set up Apache + PHP with suexec on FreeBSD?

  5. jarek

    /scripts/easyapache or Apache Update in WHM. Works well. PHP is working as CGI, not as mod_php4.so.

  6. munk

    Ah right, thanks for the tip. This is something we need to consider as well, since bounces from CGI scripts always come back to the user Apache is running as, which is highly annoying.

    Sorry I can't help right now :( Perhaps a jail/chroot solution to lock users into their home directories?
