Re: User question for PHP


On Fri, 20 Oct 2006 15:49:14 +1000, Chris wrote:

> Andy Hultgren wrote:
>> To whoever was asking this (sorry didn't see the original email):
>> 
>>>> Is it possible to have a PHP script execute as the user of the domain
>>>> instead of the webserver? So when I upload files through a PHP script
>>>> they are owned by me and not "wwwrun" or "nobody"?
>> 
>> I was recently exchanging on this list about that very topic.  It's in the
>> archives for this list.  Go to www.php.net and set the dropdown menu in the
>> upper right corner of the page to "general mailing list", then type "File
>> Upload Security and chmod" into the search field and hit enter.  The
>> conversation is within the first few hits on this search.
>> The server hosting my site runs with php executing as "me" (the owner of
>> the domain), and we covered some of the potential security pitfalls of such a
>> situation (mainly centered on the fact that this makes any php script far
>> too powerful).  In my situation I couldn't change how the server was set up;
>> however, the general consensus was that this situation created a number of
>> serious security concerns that had to be very carefully addressed.  I would
>> avoid this configuration if you have the choice, based purely on the advice
>> I received.
> 
> Actually you have that the wrong way around.
> 
> If php is running as "www" or "nobody" then any files or directories 
> that a php script creates will be done as the web server user.
> 
> That means (potentially) that if domain 'a' creates a file, domain 'b' 
> can read and write to that file and even delete it.
> 
> 
> If php is running as you instead, you can control this with appropriate 
> chmod commands (at least removing the risk of deleting of files / 
> updating of files).
> 
> A shared user (like "www" or "nobody") is a *much* bigger risk than 
> separate users.

Unless those separate users have a little more access than just SSH
and FTP access to the machine... I guess that if anyone with special
rights carelessly activates suPHP and leaves the PHP files owned by him,
you'd have PHP scripts capable of reading out special log files and
whatnot.

In my experience, apache (with PHP running as www-data or nobody or
whatever) will not be able to create files or folders without user
intervention (chmod, chown), thus no updating and removing is possible
either by default.

Using suPHP, it is. You can argue that it can only do this to the PHP
files owned by the same user, and therefore probably limiting the damage
to one specific website, however we're still having a security problem.

Both situations seem dangerous to me, both in different ways. Wouldn't
you say that the user must know what the hell he's doing in both
situations?

Ivo

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
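
An added example, not part of the original thread: a small audit of a document root that reports what a script belonging to another site on the same host could do to each file (read, update, delete), and flags files owned by a shared web server uid, where chmod cannot separate the sites. The function names and the sample tree are constructed for illustration, and the check assumes every ancestor directory is traversable by "other".

```python
import os
import stat
import tempfile

def exposure(path, shared_uid=None):
    """What could a script from another site on the same host do to `path`?"""
    st = os.lstat(path)
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    found = set()
    # Shared-user model: the other site's scripts run under the file's own
    # uid, so the owner bits apply and chmod cannot separate the two sites.
    if shared_uid is not None and st.st_uid == shared_uid:
        found.add("same-uid")
    if st.st_mode & stat.S_IROTH:
        found.add("read")
    if st.st_mode & stat.S_IWOTH:
        found.add("update")
    # Deletion is decided by the parent directory's mode, not the file's own.
    open_dir = parent.st_mode & stat.S_IWOTH and parent.st_mode & stat.S_IXOTH
    if open_dir and not parent.st_mode & stat.S_ISVTX:
        found.add("delete")
    return found

def audit(root, shared_uid=None):
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            found = exposure(full, shared_uid)
            if found:
                report[os.path.relpath(full, root)] = found
    return report

def build_sample_tree():
    """Constructed document root: (relative path, file mode, directory mode)."""
    root = tempfile.mkdtemp()
    layout = [("index.php", 0o666, 0o755),
              ("uploads/a.jpg", 0o644, 0o777),
              ("private/config.php", 0o600, 0o700)]
    for rel, fmode, dmode in layout:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("sample\n")
        os.chmod(full, fmode)
        os.chmod(os.path.dirname(full), dmode)
    return root

if __name__ == "__main__":
    print(audit(build_sample_tree()))
```

Passing the uid that PHP runs under as `shared_uid` models the shared "www"/"nobody" setup; leaving it as `None` models separate per-site users, where only the "other" permission bits matter.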

