The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

suhosin.executor.func.blacklist is override with user php.ini

Discussion in 'Security' started by Mozafary, Sep 30, 2010.

  1. Mozafary

    Mozafary Member

    Joined:
    Sep 30, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Hi
    I have an issue with suhosin.executor.func.blacklist , it completely disabled when a user put a php.ini in site!
    How can i fix this problem?

    PHP:

    php 
    -v
    PHP 5.2.13 
    (cli) (builtJun 30 2010 13:15:13
    Copyright (c1997-2010 The PHP Group
    Zend Engine v2.2.0
    Copyright (c1998-2010 Zend Technologies
        with Zend Optimizer v3.3.9
    Copyright (c1998-2009by Zend Technologies
        with Suhosin v0.9.29
    Copyright (c2007by SektionEins GmbH


     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Restrict php.ini

    You can prevent users from using their own custom php.ini files by editing /opt/suphp/etc/suphp.conf and removing the comment characters (semicolons, ";") from the following directives:

    Code:
    [phprc_paths]
    ;Uncommenting these will force all requests to that handler to use the php.ini
    ;in the specified directory regardless of suPHP_ConfigPath settings.
    ;application/x-httpd-php=/usr/local/lib/
    ;application/x-httpd-php4=/usr/local/php4/lib/
    ;application/x-httpd-php5=/usr/local/lib/
    This will force all users' PHP scripts to use the system php.ini, which is normally /usr/local/lib/php.ini.
     
  3. Mozafary

    Mozafary Member

    Joined:
    Sep 30, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    I want user can override all php.ini settings except disable_functions (or suhosin.executor.func.blacklist)
     
  4. Mozafary

    Mozafary Member

    Joined:
    Sep 30, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    How can i change some php directive like register_globals for some sites when i disabled php.ini overrideing?
    i check "suPHP_ConfigPath" but it doesn't work.
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    If you have PHP 5.2, you cannot use phprc_paths to exclude users and still get suPHP_ConfigPath to work. You will need to instead exclude users by commenting out the phprc_paths again and then restrict using <Location /></Location> tags around suPHP_ConfigPath in /usr/local/apache/conf/userdata/ location, then allow some users to have their own suPHP_ConfigPath in /usr/local/apache/conf/userdata/std/2/username/ location.

    If you have PHP 5.3+, you can define user.ini files for accounts to override the settings or define the settings for set accounts using the path directive in the global php.ini file.

    You can try this guide I recently added for doing this:

    http://forums.cpanel.net/f185/metho...ricting-who-can-use-php-ini-files-167186.html

    Please direct questions you have on it at that location if possible.
     
Loading...
Similar Threads - suhosin executor func
  1. cowner
    Replies:
    7
    Views:
    457

Share This Page