Well, safe_mode could prevent someone from doing a shell_exec("cat
/home/otheruser/web/config.php"); open_basedir can't do the same
thing.
We were in a continual losing race against that sort of thing though.
In pretty much every single release there have been ways to
do this that got around safe-mode.
Because of bugs in the safe_mode implementation (forgetting some
checks?) or conceptual problems?
I have always maintained that shared hosts should be running
per-security context Apache instances as different users.
The problem with that is that it makes name-based virtual hosts pretty
pointless because each apache instance will at least need an ip address
on its own.
-mp.
On 25.11.2005 at 10:51, Matthias Pigulla wrote:
Because of bugs in the safe_mode implementation (forgetting some
checks?) or conceptual problems?
Safe mode doesn't work 'cos there are lots of third party libraries
which PHP relies on and don't take care of the safe mode. That's why
you can't assure security in your application and why it's up to your
operating system to care about security.
I have always maintained that shared hosts should be running
per-security context Apache instances as different users.
The problem with that is that it makes name-based virtual hosts pretty
pointless because each apache instance will at least need an ip address
on its own.
It seems you've never heard of suexec, FastCGI, MPM Perchild (ok,
this one is broken) and Zeus (has nothing to do with Apache, but is a
good product). It's possible to have name based virtual hosts in
Apache2 and PHP processes running in the context of every user with a
patched suexec, mod_fastcgi and one single IP.
Regards,
A.
That's why you can't assure security...
Please read: ... this special type of security...
Regards,
A.
Matthias Pigulla wrote:
Well, safe_mode could prevent someone from doing a shell_exec("cat
/home/otheruser/web/config.php"); open_basedir can't do the same
thing.
We were in a continual losing race against that sort of thing though.
In pretty much every single release there have been ways to
do this that got around safe-mode.
Because of bugs in the safe_mode implementation (forgetting some
checks?) or conceptual problems?
I have always maintained that shared hosts should be running
per-security context Apache instances as different users.
The problem with that is that it makes name-based virtual hosts pretty
pointless because each apache instance will at least need an ip address
on its own.
That's not true at all. I run multiple Apaches all the time behind a
single IP. In my main port 80 server I simply have config lines like this:
<VirtualHost *>
ServerName example1.com
...
ProxyPass / http://example1.com:81/
</VirtualHost>
<VirtualHost *>
ServerName example2.com
...
ProxyPass / http://example2.com:82/
</VirtualHost>
That's just using Apache's mod_proxy. You can do the same thing with
Squid in reverse proxy mode and you can get really fancy with redirect
scripts where you keep all your vhosts in a database and cache them and
control the redirection that way.
-Rasmus
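
Added example, not part of the thread: the mod_proxy layout from the last message, completed with the per-user backend instances it forwards to. The user names, file paths, Apache 2.4 syntax and the choice to bind the backends to 127.0.0.1 (instead of http://example1.com:81/) are assumptions made for this sketch.

```apache
# ===== front end: the only instance on the public address =====
Listen 80
# Reverse proxy only; never act as a forward proxy.
ProxyRequests Off

<VirtualHost *:80>
    ServerName example1.com
    # Pass the original Host header through to the backend.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:81/
    ProxyPassReverse / http://127.0.0.1:81/
</VirtualHost>

<VirtualHost *:80>
    ServerName example2.com
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:82/
    ProxyPassReverse / http://127.0.0.1:82/
</VirtualHost>

# ===== backend for example1.com: separate process, separate file =====
# Started on its own (httpd -f <this file>); module loading and other
# base settings are left out of this sketch.
# Loopback only, so the front end is the single way in.
Listen 127.0.0.1:81
# PHP in this instance runs with example1's uid, so the kernel, not PHP,
# decides what shell_exec() or a third-party library can read.
User  example1
Group example1
PidFile  /var/run/httpd-example1.pid
ErrorLog /var/log/httpd-example1.log
ServerName example1.com
DocumentRoot /home/example1/web

# ===== backend for example2.com: same shape, other user and port =====
Listen 127.0.0.1:82
User  example2
Group example2
PidFile  /var/run/httpd-example2.pid
ErrorLog /var/log/httpd-example2.log
ServerName example2.com
DocumentRoot /home/example2/web
```

The isolation only holds if file permissions match it: with /home/example1/web owned by example1 and not readable by other users, the `cat /home/otheruser/web/config.php` case from the start of the thread fails at the operating-system level regardless of safe_mode or open_basedir.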