Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:1531
Return-Path: <jc@firststopinternet.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 33012 invoked from network); 15 May 2003 13:37:10 -0000
Received: from unknown (HELO einsteinium.btinternet.com) (194.73.73.147)
  by pb1.pair.com with SMTP; 15 May 2003 13:37:10 -0000
Received: from host213-123-131-250.in-addr.btopenworld.com ([213.123.131.250] helo=desktop)
	by einsteinium.btinternet.com with esmtp (Exim 3.22 #23)
	id 19GIuz-0001S0-00
	for internals@lists.php.net; Thu, 15 May 2003 14:37:09 +0100
To: <internals@lists.php.net>
Date: Thu, 15 May 2003 14:37:05 +0100
Message-ID: <000001c31ae7$166a5220$0100a8c0@desktop>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0001_01C31AEF.782EBA20"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
In-Reply-To: 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Subject: RE: php_escape_shell_cmd
From: jc@firststopinternet.com ("Jamison Charlesworth")

------=_NextPart_000_0001_01C31AEF.782EBA20
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

I guess this would also require two new Boolean keywords to control its
operation:

 

safe_mode_allow_redirect_under_docroot

safe_mode_allow_redirect_under_safe_exec_dir

 

-----Original Message-----
From: Jamison Charlesworth [mailto:jc@firststopinternet.com] 
Sent: 09 May 2003 10:33
To: 'internals@lists.php.net'
Subject: RE: php_escape_shell_cmd

 

I have done this now in the form of a patch and it follows the following
logic:

 

Just before php_escape_shell_cmd returns it calls a new function
'php_remove_escape_if_safe()'

 

This scans the shell command for any '|', '>' or '<' (called redirects
for the purpose of this message).

 

If the cmd contains '..' anywhere in the string, the function does
nothing.

 

If the text following the redirect starts with DOCUMENT_ROOT or
safe_mode_exec_dir then it is allowed (the preceeding '\' is set to
space).

 

Unless the redirect is '>' and the redirect starts with
safe_mode_exec_dir, to prevent overwriting or creation of execs in this
directory.

 

 

Is anyone interested in putting forward this idea as a general mod? -
This would help those of us running PHP on virtual servers..

 

I have also added a new keyword 'safe_mode_include_docroot' which acts
like 'safe_mode_include_dir', only its dynamic and allows reading by
other uid's and gid's when the file(s) are beneath DOCUMENT_ROOT.

 

This also helps virtual servers.

 

-----Original Message-----
From: Jamison Charlesworth [mailto:jc@firststopinternet.com] 
Sent: 08 May 2003 14:31
To: 'php-dev@lists.php.net'
Subject: php_escape_shell_cmd

 

Hi

 

I am thinking of making a mod to this to help people using scripts on my
virtual servers.

 

At present when in SAFE_MODE the pipe '|' and redirect '<' '>'  entries
are escaped, and the reasons for this are well understood.

 

However, I am thinking that if the executable is in safe_mode_exec_dir
and the command being 'piped' to is also in the safe_mode_exec_dir then
this would be safe to allow.

 

Also, if a file beinf redirected via < or > is within the DOCUMENT_ROOT
then this should also be allowed.

 

Any views on this?

 

Regards, Jamie.

 


------=_NextPart_000_0001_01C31AEF.782EBA20--