Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:26040
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Message-ID: <B0.05.22864.D4D9E254@pb1.pair.com>
To: internals@lists.php.net
Date: Thu, 12 Oct 2006 12:53:46 -0700
Lines: 133
Subject: open_basedir enhancement, runtime tightening
From: pollita@php.net ("Sara Golemon")

The attached patch changes open_basedir from PHP_INI_SYSTEM to PHP_INI_ALL.

Wait now... let me finish.

It introduces a custom INI modification handler for open_basedir which 
allows the option to be set during Startup and Shutdown (PHP_INI_SYSTEM 
contexts) normally, then for other contexts (Activate/Deactivate {PERDIR} 
and Runtime) it checks the inbound settings against the current value and 
applies some logic:

If open_basedir hasn't been set yet:  It allows any new setting to be 
applied (unrestrictive to restrictive)

If open_basedir is set, then it checks to see if each component of the new 
setting would be allowable under the rules of the old setting,  if they're 
all good, it allows it.  If any component makes the basedir check less 
restrictive, it fails (diallows) the change. (less-restrictive to 
more-restrictive).

The advantage of doing this is that package authors and/or users of shared 
hosting who may not have access to making their settings more restrictive 
can avoid most simple FS inspection attacks caused by buggy script code by 
adding a single ini_set(basedir(__FILE__));  to the top of their script or 
setting it with an .htaccess directive.

Note that it doesn't do a thing to avoid code inejction attacks as such an 
attacker could issue ini_restore("open_basedir"); and have the same access 
to the FS as they would without this patch.  I'll grant you it's not a 
panacea, and it may be more harmful than good by making people think that 
tightening up open_basedir is enough, but it's something.

Talk amongst y'selves....

-Sara 


begin 666 open_basedir.txt
M26YD97@Z(&UA:6XO;6%I;BYC"CT]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]
M/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T*4D-3
M(&9I;&4Z("]R97!O<VET;W)Y+W!H<"US<F,O;6%I;B]M86EN+F,L=@IR971R
M:65V:6YG(')E=FES:6]N(#$N-S T"F1I9F8@+74@+7 @+7(Q+C<P-"!M86EN
M+F,*+2TM(&UA:6XO;6%I;BYC"3,@3V-T(#(P,#8@,38Z,C@Z,#(@+3 P,# )
M,2XW,#0**RLK(&UA:6XO;6%I;BYC"3$R($]C=" R,# V(#$Y.C(Y.C4Q("TP
M,# P"D! ("TS,SDL-B K,S,Y+#<@0$ @<W1A=&EC(%!(4%])3DE?34@H3VY5
M<&1A=&5$969A=6QT36EM971Y< H@(V5L<V4*(",)9&5F:6YE($1%1D%53%1?
M4T5.1$U!24Q?4$%42"!.54Q,"B C96YD:68**PH@+RH@>WM[(%!(4%])3DD*
M(" J+PH@4$A07TE.25]"14=)3B@I"D! ("TS.3(L-R K,SDS+#<@0$ @4$A0
M7TE.25]"14=)3B@I"B )4U1$7U!(4%])3DE?14Y44EDH(F5X=&5N<VEO;E]D
M:7(B+ D)"5!(4%]%6%1%3E-)3TY?1$E2+ D)4$A07TE.25]365-414TL"0E/
M;E5P9&%T95-T<FEN9U5N96UP='DL"65X=&5N<VEO;E]D:7(L"0D)<&AP7V-O
M<F5?9VQO8F%L<RP)8V]R95]G;&]B86QS*0H@"5-41%]02%!?24Y)7T5.5%)9
M*")I;F-L=61E7W!A=&@B+ D)"5!(4%])3D-,541%7U!!5$@L"0E02%!?24Y)
M7T%,3"P)"4]N57!D871E4W1R:6YG56YE;7!T>2P):6YC;'5D95]P871H+ D)
M"7!H<%]C;W)E7V=L;V)A;',L"6-O<F5?9VQO8F%L<RD*( E02%!?24Y)7T5.
M5%)9*")M87A?97AE8W5T:6]N7W1I;64B+ D)"2(S,"(L"0E02%!?24Y)7T%,
M3"P)"0E/;E5P9&%T951I;65O=70I"BT)4U1$7U!(4%])3DE?14Y44EDH(F]P
M96Y?8F%S961I<B(L"0D)3E5,3"P)"5!(4%])3DE?4UE35$5-+ D)3VY5<&1A
M=&53=')I;F<L"0D);W!E;E]B87-E9&ER+ D)"7!H<%]C;W)E7V=L;V)A;',L
M"6-O<F5?9VQO8F%L<RD**PE35$1?4$A07TE.25]%3E1262@B;W!E;E]B87-E
M9&ER(BP)"0E.54Q,+ D)4$A07TE.25]!3$PL"0E/;E5P9&%T94)A<V5$:7(L
M"0D);W!E;E]B87-E9&ER+ D)"7!H<%]C;W)E7V=L;V)A;',L"6-O<F5?9VQO
M8F%L<RD*( H@"5-41%]02%!?24Y)7T)/3TQ%04XH(F9I;&5?=7!L;V%D<R(L
M"0D)(C$B+ D)4$A07TE.25]365-414TL"0E/;E5P9&%T94)O;VPL"0D)9FEL
M95]U<&QO861S+ D)"7!H<%]C;W)E7V=L;V)A;',L"6-O<F5?9VQO8F%L<RD*
M( E35$1?4$A07TE.25]%3E1262@B=7!L;V%D7VUA>%]F:6QE<VEZ92(L"2(R
M32(L"0E02%!?24Y)7U-94U1%37Q02%!?24Y)7U!%4D1)4BP)"4]N57!D871E
M3&]N9RP)"0EU<&QO861?;6%X7V9I;&5S:7IE+ EP:'!?8V]R95]G;&]B86QS
M+ EC;W)E7V=L;V)A;',I"DEN9&5X.B!M86EN+V9O<&5N7W=R87!P97)S+F,*
M/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]
M/3T]/3T]/3T]/3T]/3T]/3T]/3T]/0I20U,@9FEL93H@+W)E<&]S:71O<GDO
M<&AP+7-R8R]M86EN+V9O<&5N7W=R87!P97)S+F,L=@IR971R:65V:6YG(')E
M=FES:6]N(#$N,3@S"F1I9F8@+74@+7 @+7(Q+C$X,R!F;W!E;E]W<F%P<&5R
M<RYC"BTM+2!M86EN+V9O<&5N7W=R87!P97)S+F,),2!*=6P@,C P-B Q,3HU
M,#HU,B M,# P, DQ+C$X,PHK*RL@;6%I;B]F;W!E;E]W<F%P<&5R<RYC"3$R
M($]C=" R,# V(#$Y.C(Y.C4Q("TP,# P"D! ("TX,BPV("LX,BPV-"! 0 H@
M(V5N9&EF"B O*B!]?7T@*B\*( HK+RH@>WM[($]N57!D871E0F%S941I<@HK
M06QL;W=S(&%N>2!C:&%N9V4@=&\@;W!E;E]B87-E9&ER('-E='1I;F<@:6X@
M9'5R:6YG(%-T87)T=7 @86YD(%-H=71D;W=N(&5V96YT<RP**V]R(&$@=&EG
M:'1E;FEN9R!D=7)I;F<@86-T:79A=&EO;B]R=6YT:6UE+V1E86-T:79A=&EO
M;B J+PHK4$A005!)(%I%3D1?24Y)7TU(*$]N57!D871E0F%S941I<BD**WL*
M*PEC:&%R("HJ<"P@*G!A=&AB=68L("IP='(L("IE;F0["BLC:69N9&5F(%I4
M4PHK"6-H87(@*F)A<V4@/2 H8VAA<B J*2!M:%]A<F<R.PHK(V5L<V4**PEC
M:&%R("IB87-E(#T@*&-H87(@*BD@='-?<F5S;W5R8V4H*B@H:6YT("HI(&UH
M7V%R9S(I*3L**R-E;F1I9@HK"BL)<" ]("AC:&%R("HJ*2 H8F%S92LH<VEZ
M95]T*2!M:%]A<F<Q*3L**PHK"6EF("AS=&%G92 ]/2!02%!?24Y)7U-404=%
M7U-405)455 @?'P@<W1A9V4@/3T@4$A07TE.25]35$%'15]32%541$]73BD@
M>PHK"0DO*B!792=R92!I;B!A(%!(4%])3DE?4UE35$5-(&-O;G1E>'0L(&YO
M(')E<W1R:6-T:6]N<R J+PHK"0DJ<" ](&YE=U]V86QU93L**PD)<F5T=7)N
M(%-50T-%4U,["BL)?0HK"BL@(" @(" @( HK"2\J($5L<V5W:7-E+"!W92=R
M92!I;B!R=6YT:6UE("HO"BL):68@*"$J<"!\?" A*BIP*2!["BL)"2\J(&]P
M96Y?8F%S961I<B!N;W0@<V5T('EE="P@9V\@86AE860@86YD(&=I=F4@:70@
M82!V86QU92 J+PHK"0DJ<" ](&YE=U]V86QU93L**PD)<F5T=7)N(%-50T-%
M4U,["BL)?0HK"BL)+RH@4VAO<G1C=70Z(%=H96X@=V4@:&%V92!A(&]P96Y?
M8F%S961I<B!A;F0@<V]M96]N92!T<FEE<R!T;R!U;G-E="P@=V4@:VYO=R!I
M="=L;"!F86EL("HO"BL):68@*"%N97=?=F%L=64@?'P@(2IN97=?=F%L=64I
M('L**PD)<F5T=7)N($9!24Q54D4["BL)?0HK"BL)+RH@27,@=&AE('!R;W!O
M<V5D(&]P96Y?8F%S961I<B!A="!L96%S="!A<R!R97-T<FEC=&EV92!A<R!T
M:&4@8W5R<F5N="!S971T:6YG/R J+PHK"7!T<B ]('!A=&AB=68@/2!E<W1R
M9'5P*&YE=U]V86QU92D["BL)=VAI;&4@*'!T<B F)B J<'1R*2!["BL)"65N
M9" ]('-T<F-H<BAP='(L($1%1D%53%1?1$E27U-%4$%2051/4BD["BL)"6EF
M("AE;F0@(3T@3E5,3"D@>PHK"0D)*F5N9" ]("=<,"<["BL)"0EE;F0K*SL*
M*PD)?0HK"0EI9B H<&AP7V-H96-K7V]P96Y?8F%S961I<E]E>"AP='(L(# @
M5%-234Q37T-#*2 A/2 P*2!["BL)"0DO*B!!="!L96%S="!O;F4@<&]R=&EO
M;B!O9B!T:&ES(&]P96Y?8F%S961I<B!I<R!L97-S(')E<W1R:6-T:79E('1H
M86X@=&AE('!R:6]R(&]N92P@1D%)3" J+PHK"0D)969R964H<&%T:&)U9BD[
M"BL)"0ER971U<FX@1D%)3%5213L**PD)?0HK"0EP='(@/2!E;F0["BL)?0HK
M"65F<F5E*'!A=&AB=68I.PHK"BL)+RH@179E<GET:&EN9R!C:&5C:W,@;W5T
M+"!S970@:70@*B\**PDJ<" ](&YE=U]V86QU93L**PHK"7)E='5R;B!354-#
M15-3.PHK?0HK+RH@?7U]("HO"BL**PH@+RH@>WM[('!H<%]C:&5C:U]S<&5C
M:69I8U]O<&5N7V)A<V5D:7(*( E7:&5N(&]P96Y?8F%S961I<B!I<R!N;W0@
M3E5,3"P@8VAE8VL@:68@=&AE(&=I=F5N(&9I;&5N86UE(&ES(&QO8V%T960@
M:6X*( EO<&5N7V)A<V5D:7(N(%)E='5R;G,@+3$@:68@97)R;W(@;W(@;F]T
M(&EN('1H92!O<&5N7V)A<V5D:7(L(&5L<V4@, I);F1E>#H@;6%I;B]F;W!E
M;E]W<F%P<&5R<RYH"CT]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]
M/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T*4D-3(&9I;&4Z
M("]R97!O<VET;W)Y+W!H<"US<F,O;6%I;B]F;W!E;E]W<F%P<&5R<RYH+'8*
M<F5T<FEE=FEN9R!R979I<VEO;B Q+C0W"F1I9F8@+74@+7 @+7(Q+C0W(&9O
M<&5N7W=R87!P97)S+F@*+2TM(&UA:6XO9F]P96Y?=W)A<'!E<G,N: DQ($IU
M;" R,# V(#$Q.C4P.C4R("TP,# P"3$N-#<**RLK(&UA:6XO9F]P96Y?=W)A
M<'!E<G,N: DQ,B!/8W0@,C P-B Q.3HR.3HU,2 M,# P, I 0" M,C,L-B K
M,C,L-R! 0 H@"B!"14=)3E]%6%1%4DY?0R@I"B C:6YC;'5D92 B<&AP7V=L
M;V)A;',N:"(**R-I;F-L=61E(")P:'!?:6YI+F@B"B *(%!(4$%022!I;G0@
M<&AP7V9O<&5N7W!R:6UA<GE?<V-R:7!T*'IE;F1?9FEL95]H86YD;&4@*F9I
M;&5?:&%N9&QE(%134DU,4U]$0RD["B!02%!!4$D@8VAA<B J97AP86YD7V9I
M;&5P871H*&-O;G-T(&-H87(@*F9I;&5P871H+"!C:&%R("IR96%L7W!A=&@@
M5%-234Q37T1#*3L*0$ @+3,U+#8@*S,V+#@@0$ @4$A005!)($9)3$4@*G!H
M<%]F;W!E;E]W:71H7W!A=&@H8V]N<W0@8PH@"B!02%!!4$D@:6YT('!H<%]I
M<U]U<FPH8VAA<B J<&%T:"D["B!02%!!4$D@8VAA<B J<&AP7W-T<FEP7W5R
M;%]P87-S=V0H8VAA<B J<&%T:"D["BL**U!(4$%022!:14Y$7TE.25]-2"A/
K;E5P9&%T94)A<V5$:7(I.PH@14Y$7T585$523E]#*"D*( H@(V5N9&EF"@``
`
end