The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security hole?

Discussion in 'Security' started by equens, Mar 15, 2005.

  1. equens

    equens Well-Known Member

    Joined:
    Feb 8, 2002
    Messages:
    270
    Likes Received:
    0
    Trophy Points:
    16
    I have test this function in one domain and I can see the sessions contents for all domains. How can I prevent this?

    PHP:

    function f_ls(){
           
    $command "ls -1 /tmp/sess_*";
           if (
    $proc popen("($command)2>&1","r")) {
                   while (!
    feof($proc)) $contents .= fgets($proc1000);
           }
           
    pclose($proc);
           return 
    explode("\n",$contents);
    }
     
  2. brentp

    brentp Well-Known Member

    Joined:
    Mar 11, 2004
    Messages:
    324
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ayr, North Queensland, Australia
    use php safemode or disable certain functions.

    Regards,
    Brent
     
  3. equens

    equens Well-Known Member

    Joined:
    Feb 8, 2002
    Messages:
    270
    Likes Received:
    0
    Trophy Points:
    16
    disable_functions

    Ok... implemented disable_functions with popen.

    disable_functions =dl,exec,passthru,popen,shell_exec,system

    I think is more secure now but safemode will be the best solution.
    Thanks!
     
  4. equens

    equens Well-Known Member

    Joined:
    Feb 8, 2002
    Messages:
    270
    Likes Received:
    0
    Trophy Points:
    16
    How can I search in /home directory php files with this function? I want to know how many people will have problems after disable this function in php. Thanks!
     
  5. equens

    equens Well-Known Member

    Joined:
    Feb 8, 2002
    Messages:
    270
    Likes Received:
    0
    Trophy Points:
    16
    open_basedir Protection

    Hello again, why the php open_basedir Protection doesn't prevents users from opening files outside of their home directory with php like /tmp??
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Because you need to be able to access temporary files from php scripts. The problem you're seeing is a result of running php without phpsuexec enabled and all sessions are owned by the nobody user. The safest way to prevent this type of access is to use phpsuexec, though it may break some scripts. Then it's up to you to trade-off security with usability. All my servers always have phpsuexec enabled and customers have to work around it.
     
Loading...

Share This Page