Re: Do I create a security hole?
From: 2Host.com - Robert (admin_at_-NOSPAM-2host.com)
Date: 05/27/03
- Next message: Scott Blankenship: "Re: ssh access"
- Previous message: Jean-Philippe Houde: "Do I create a security hole?"
- In reply to: Jean-Philippe Houde: "Do I create a security hole?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 26 May 2003 17:50:02 -0700
Jean-Philippe Houde wrote:
>
> Hi,
> I'm on a little project just for fun. It involves Apache and PHP.
> I'm just wondering about something.
>
> For this project I would have to create some files in the apache chroot that
> are readable and writable by the www user. I was looking at the httpd man
> page and I've found this.
>
> ---
> For this option to remain secure, it is important that no files or
> directories writeable by user www or group www are created inside the
> ServerRoot.
> ---
>
> Of course it makes sense, but what can I do if my PHP script needs to write
> some files on the HD? I guess if my script is compromised, it would be
> possible to erase the content of these files...
>
> I would like to have some opinions and/or ideas on this.
>
> Thanks,
> Jean-Philippe
>
> P.S.: I'm running OpenBSD 3.2 with Apache 1.3.26
If you use PHP as CGI with a CGI wrapper or set it to suid, then it
can run as the user and have permission to delete or modify files you
don't want. If you run it as the global web server user, then other
users have permission to modify, delete or create files that you allow
that CGI and/or PHP user to do--but at least the files owned by your
user that aren't set for world readable, writable and/or executable,
will be safe. Running as the global web server user protects your files
better that aren't specifically (or accidentally) open to modification
by that user, but running as your own user, all bets are off. Though, if
it's a shared server, you are safer from other users on the same system
that may be malicious. Of course, if your script is insecure and allows
someone to do malicious things, you never win. It's best to ensure the
script runs securely. This is not difficult to do with even a little
knowledge. Then, you can protect yourself better from other users and
the outside world. If this is your own system and you don't have other
users, then even if you're safe from other users, you would benefit from
running the scripts with a less privileged user--such as the global web
server user. This means that you are safe from other users on the same
system (since they aren't there) and _if_ a script did have a hole, they
would be limited to the damage they could do. So, dedicated/your own
server->run it as nobody or the web server user. If it's shared->use a
CGI wrapper or MPM or something to protect you from other users.
Finally, overall, write secure scripts, check what's passed to it and
disallow everything by default (to start) and then only allow variables
to be passed that you can completely control--and unless the interface
itself has a vulnerability (i.e., PHP has many times, so don't count on
it 100% of the time), then you're completely safe in that regard.
--
Regards,
Robert McGregor - Email: admin@(remove)2host.com. Phone: 530-941-0690
Server admin, support, programming for shared & dedicated web servers
Secure, reliable hosting you expect and deserve! http://www.2host.com
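
The httpd man page rule quoted in the question can be checked mechanically. The following is an added example, not part of either message: a POSIX shell function that lists every path under a ServerRoot that the web server account could modify. The function names, the `www` account and group, and the `/var/www` path in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a ServerRoot for paths the
# web server account can write to, per the man page rule quoted above.
# Assumptions: user and group are both "www"; /var/www stands in for
# your own ServerRoot.

# audit_writable ROOT USER GROUP
# Prints one offending path per line. A path is reported when:
#   - it is owned by USER and has the owner write bit (0200), or
#   - it belongs to GROUP and has the group write bit (0020), or
#   - it is world-writable (0002).
# Symlinks are skipped: their own mode bits are not what is checked
# when something writes through them.
audit_writable() {
    root=$1
    user=$2
    group=$3
    find "$root" ! -type l \( \
        \( -user "$user" -perm -200 \) -o \
        \( -group "$group" -perm -020 \) -o \
        -perm -002 \
    \) -print
}

# count_writable ROOT USER GROUP
# Prints the number of offending paths, for use in a cron or CI check.
count_writable() {
    audit_writable "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Typical use (run as root so every directory can be read):
#   audit_writable /var/www www www
#   [ "$(count_writable /var/www www www)" -eq 0 ] || echo "writable paths found"
```

Files owned by the account but currently read-only are not listed, although the owner can change their mode; directories that a script must write to should be the only entries left in the output.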