[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] securing php
- To: vogt@hansenet.com
- Subject: Re: [Full-Disclosure] securing php
- From: Kristian Koehntopp <kris@koehntopp.de>
- Date: Wed, 20 Aug 2003 12:48:06 +0200
On Wed, Aug 20, 2003 at 10:12:30AM +0200, vogt@hansenet.com wrote:
> You an enable PHP's "Safe Mode", which goes a long way to
> closing these holes, but it's not a 100% solution.
Since you can read german:
The following article is older, but still true:
http://www.dclp-faq.de/q/q-konfiguration-safe-mode.html
12.2. Was genau bewirkt safe_mode und ist das sicher?
...
safe_mode ist nicht sicher: Ein Fehler in der popen() -Funktion
ist erst mit 3.0.14 korrigiert worden, ein weiterer Fehler in
der mail() -Funktion erst in 3.0.15. Spätere Versionen von PHP
hatten weitere Lücken. Man sollte stattdessen die CGI-Version in
einem chroot-Environment verwenden und mit setrlimit noch
weitergehende Einschränkungen definieren.
In English:
safe_mode is not secure. An exploit using popen() has been fixed
in 3.0.14, another exploit using mail() was fixed i 3.0.15.
Later versions of PHP had additional exploits. You should be
using the CGI version of PHP in a chrooted environment instead,
and use setrlimit to configure additional restrictions.
You could also use the module version of PHP and relegate the
enitire apache instance (one per customer) into a chrooted jail.
If you were using Apache 2.0 you could try to use the
mpm_perchild_module
(http://httpd.apache.org/docs-2.0/mod/perchild.html) and try to
make it useable with a perchild chroot restriction.
Kristian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html