Posted by Malcolm Dew-Jones on 12/07/05 00:02
bio-anomoly (biohazard@gardener.com) wrote:
: I was just giving my PHP a bit of a spin, and I noticed that opendir
: opens EVERYTHING, and unix commands can be executed with the ' grave,
: like this 'ls -lR /'.
: Can someone quantify how slack this is? Is it normal practice amongst
: large servers?

It depends entirely on the server setup, and somewhat on the cost. I.e.
I think that inexpensive hosting plans "often" set up one shared server
with a shared apache account that runs all the cgi and php stuff.

You say you can `ls -lR`, but the real question is whether you can
`rm -r /` (don't try that, though I doubt you can).

Also, each user (including yourself) can probably set the access
permissions on your own files, so that the shared server can only see the
files you allow it to see. That doesn't instantly help when it comes to
reading the database password that your scripts need to read, but it does
mean that you can have files stored on the server that cannot be read if
they aren't web pages.

To control access to a password file (e.g. your database password), write
your application as a suid cgi script. (I'm not sure if you can do this
in php though.) Make your password file unreadable except to yourself.
Now make your script suid to your account. Now apache can run your script
and read the password file, but no one can see what it is, all they can do
is what your script wants them to do.
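The file-permission half of the advice above, as an added example that is not part of the original post: a small shell audit that lists files other accounts on a shared host can read and locks a password file down to its owner. The function names, file names and directory are constructed for illustration.

```shell
#!/bin/sh
# Added example; not code from the original post. All names are hypothetical.

# Make a secrets file readable and writable by its owner only (rw-------).
lock_secret() {
    chmod 600 -- "$1"
}

# Succeed only if the file grants no permission bits to group or others.
is_private() {
    [ -f "$1" ] || return 2
    # ls -ld prints e.g. "-rw-r--r--"; characters 5-10 are the group/other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# List regular files under a directory that group or others can read,
# which on a shared host includes the shared apache account.
list_exposed() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) -print | sort
}

# Demo on a constructed directory with a web page and a password file.
demo() {
    dir=$(mktemp -d) || return 1
    printf '<?php echo "hi"; ?>\n' > "$dir/index.php"
    printf 'db_password=constructed-example\n' > "$dir/db_password.inc"
    chmod 644 "$dir/index.php" "$dir/db_password.inc"
    echo "Exposed before:"; list_exposed "$dir"
    lock_secret "$dir/db_password.inc"
    echo "Exposed after:"; list_exposed "$dir"
    is_private "$dir/db_password.inc" && echo "password file is owner-only"
    rm -rf -- "$dir"
}
demo
```

A file locked this way is also unreadable to the shared apache account, which is why the post pairs the permission change with a script that runs suid to the file's owner.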