Newsgroups: php.internals
Xref: news.php.net php.internals:26043
Date: Thu, 12 Oct 2006 16:05:16 -0500
From: andrei@gravitonic.com (Andrei Zmievski)
To: Sara Golemon
Cc: internals@lists.php.net
Subject: Re: [PHP-DEV] open_basedir enhancement, runtime tightening

I don't have a problem with this.

-Andrei

On Oct 12, 2006, at 2:53 PM, Sara Golemon wrote:

> The attached patch changes open_basedir from PHP_INI_SYSTEM to PHP_INI_ALL.
>
> Wait now... let me finish.
>
> It introduces a custom INI modification handler for open_basedir which allows the option to be set during Startup and Shutdown (PHP_INI_SYSTEM contexts) normally, then for other contexts (Activate/Deactivate {PERDIR} and Runtime) it checks the inbound settings against the current value and applies some logic:
>
> If open_basedir hasn't been set yet: It allows any new setting to be applied (unrestrictive to restrictive)
>
> If open_basedir is set, then it checks to see if each component of the new setting would be allowable under the rules of the old setting, if they're all good, it allows it. If any component makes the basedir check less restrictive, it fails (disallows) the change. (less-restrictive to more-restrictive).
>
> The advantage of doing this is that package authors and/or users of shared hosting who may not have access to making their settings more restrictive can avoid most simple FS inspection attacks caused by buggy script code by adding a single ini_set(basedir(__FILE__)); to the top of their script or setting it with an .htaccess directive.
>
> Note that it doesn't do a thing to avoid code injection attacks as such an attacker could issue ini_restore("open_basedir"); and have the same access to the FS as they would without this patch. I'll grant you it's not a panacea, and it may be more harmful than good by making people think that tightening up open_basedir is enough, but it's something.
>
> Talk amongst y'selves....
>
> -Sara
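
The tighten-only rule described in the quoted message, modelled as an added example; this is not the attached patch (which is not shown here) and not PHP's own code. Assumptions: `tighten_allowed` and its helpers are hypothetical names, entries are absolute directories separated by `:`, comparison is purely lexical (no symlink or realpath resolution), and an empty new value is treated as a loosening.

```c
#include <stdio.h>
#include <string.h>

#define SEP ':' /* assumption: Unix-style list separator */

/* A lexical test cannot judge relative paths or ".." segments, so refuse them. */
static int path_is_plain(const char *p, size_t n)
{
    size_t i;
    if (n == 0 || p[0] != '/') return 0;
    for (i = 0; i + 2 < n; i++)
        if (p[i] == '/' && p[i + 1] == '.' && p[i + 2] == '.' &&
            (i + 3 == n || p[i + 3] == '/')) return 0;
    return 1;
}

/* 1 if path equals base or lies beneath it; "/srv/www-x" is not under "/srv/www". */
static int path_within(const char *path, size_t plen, const char *base, size_t blen)
{
    while (blen > 1 && base[blen - 1] == '/') blen--;   /* "/a/" behaves like "/a" */
    if (blen == 0 || plen < blen || strncmp(path, base, blen) != 0) return 0;
    if (blen == 1) return 1;                            /* base is "/" */
    return plen == blen || path[blen] == '/';
}

/* Hypothetical helper: 1 if replacing cur with req never widens access. */
int tighten_allowed(const char *cur, const char *req)
{
    const char *r = req;
    if (cur == NULL || *cur == '\0') return 1;  /* unset: any new value is accepted */
    if (req == NULL || *req == '\0') return 0;  /* assumption: clearing is a loosening */
    for (;;) {
        const char *rend = strchr(r, SEP), *c = cur;
        size_t rlen = rend ? (size_t)(rend - r) : strlen(r);
        int ok = 0;
        if (!path_is_plain(r, rlen)) return 0;
        while (!ok) {                           /* find an old entry that covers it */
            const char *cend = strchr(c, SEP);
            size_t clen = cend ? (size_t)(cend - c) : strlen(c);
            ok = path_within(r, rlen, c, clen);
            if (!cend) break;
            c = cend + 1;
        }
        if (!ok) return 0;                      /* one escaping component rejects all */
        if (!rend) return 1;
        r = rend + 1;
    }
}

int main(void) { printf("%d\n", tighten_allowed("/srv/www", "/srv/www/site1")); return 0; }
```
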