Posted by Jerry Stuckle on 05/19/06 14:52
Julien Biezemans wrote:
> Hi!
>
> Here is the problem: I'd like to restrict local filesystem stream
> operations to one directory just like a root jail.
>
> fopen('/file.bin') would actually open /some/path/file.bin.
>
> One goal of this behavior is to prevent XInclude instructions from pointing
> to "out of application directory" files when processed by the XSLT
> processor, among other things.
>
> I've been reading all I can about streams and wrappers and came to the
> conclusion that one has no possibility of rewriting a stream wrapper
> for the file:// scheme. Even if we can unregister the built-in wrapper
> and register a custom one, we have no way to do the actual on-disk
> stream operations within that wrapper.
>
> My idea was to:
>
> 1. Register a custom scheme that would use the built-in wrapper used to
> handle the file:// wrapper. That could even be something dynamic to
> prevent 3rd-party XML documents from using that unrestricted scheme. Let's
> say we give it a static name and call it "file.full://".
>
> 2. Write a wrapper rejecting operations on files outside of the allowed
> jailed directory. That wrapper would use the file.full:// scheme to
> actually write/read data, after having mapped jailed paths to real
> filesystem paths.
>
> Here is an example:
>
> 1. An XML document needs "/dir/file.xml" to be xinclude'd by the XSLT
> processor.
>
> 2. The custom file:// wrapper receives the request and maps
> "/dir/file.xml" to "/var/www/data-jail/dir/file.xml". It then uses the
> file.full:// scheme to pass the request to the real wrapper. This means
> that what I wanted was a situation where "file:///dir/file.xml" is
> equivalent to "file.full:///var/www/data-jail/dir/file.xml".
>
> As already said, file.full could be dynamic to prevent the XML document
> from using the unrestricted wrapper.
>
> Ideally, PHP would provide the classes that handle the built-in schemes.
> Imagine that 'BuiltInFileWrapper' is the class that handles file://
> streams by default:
>
> <?php
> stream_wrapper_unregister('file');
> stream_wrapper_register('file', 'CustomRestrictedFileWrapper');
> stream_wrapper_register('file.full', 'BuiltInFileWrapper');
> ?>
>
> In this example my CustomRestrictedFileWrapper class may still actually
> handle the read/write operations through the file.full scheme.
>
>
> Is there any solution to simulate this? How can I get that behavior?
>
> Another less important question is: is it possible to register another
> default scheme than file://?
>
> Thank you very much for your help,
>
> Julien.

Actually, I think this is a job better suited for the Apache configuration. Try
alt.apache.configuration.

You may also be able to do some of it at the OS (assuming you're using a version
of Unix/Linux).

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
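
A sketch of the jailed-wrapper idea from the quoted question, as an added example that is not part of either post: instead of the hypothetical "file.full://" scheme it reaches the built-in wrapper through stream_wrapper_restore(), and it narrows the jail to read-only access. The class name JailedFileWrapper and the temporary demo directory are assumptions for illustration.

```php
<?php
// Added example: read-only jail for file://. Class and demo names are assumptions.
class JailedFileWrapper
{
    public static $jail = '/var/www/data-jail'; // jail path used in the question
    public $context;                            // populated by PHP
    private $fh;

    // Map a jailed path to a real path; null if it resolves outside the jail.
    public static function map($path)
    {
        $root = realpath(self::$jail);
        if ($root === false) return null;
        $path = preg_replace('#^file://#', '', $path);
        // realpath() collapses ".." and follows symlinks before the prefix check.
        $real = realpath($root . '/' . ltrim($path, '/'));
        if ($real === false) return null;
        $prefix = $root . DIRECTORY_SEPARATOR;
        return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
    }

    // Run $fn with the built-in file:// wrapper temporarily restored.
    private static function withBuiltin(callable $fn)
    {
        stream_wrapper_restore('file');
        try { return $fn(); } finally {
            stream_wrapper_unregister('file');
            stream_wrapper_register('file', __CLASS__);
        }
    }

    public function stream_open($path, $mode, $options, &$opened_path)
    {
        $real = self::map($path);
        // Refuse anything outside the jail and every mode that can write.
        if ($real === null || strpbrk($mode, 'waxc+') !== false) return false;
        $this->fh = self::withBuiltin(function () use ($real, $mode) { return fopen($real, $mode); });
        return $this->fh !== false;
    }
    public function stream_read($count) { return fread($this->fh, $count); }
    public function stream_eof()        { return feof($this->fh); }
    public function stream_stat()       { return fstat($this->fh); }
    public function stream_close()      { fclose($this->fh); }
}
// Constructed demo: a throwaway jail holding one file.
JailedFileWrapper::$jail = sys_get_temp_dir() . '/jail-demo';
@mkdir(JailedFileWrapper::$jail . '/dir', 0700, true);
file_put_contents(JailedFileWrapper::$jail . '/dir/file.xml', '<doc/>');
stream_wrapper_unregister('file');
stream_wrapper_register('file', 'JailedFileWrapper');
var_dump(file_get_contents('/dir/file.xml'));      // path inside the jail
var_dump(@file_get_contents('/../../etc/passwd')); // path that climbs out with ".."
```

Once registered, every file:// access in the script passes through this class, include and require included, so register it only after the application's own code is loaded.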