Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
There are a couple of challenges you face. As blue_rint has alluded to, which user is running the PHP scripts. If it is your website (apache), this typically runs under a non-privileged account that is locked and does not have a home folder by design. This will limit the places in which this account can actually write anything to disk. When applications such as Apache (PHP) need to write to disk the /tmp folder, which has 777 permissions is usually used. In terms of the permissions, a properly secured Apache (PHP) should NOT allow a remote connection to view files outside of the directory tree or access the /tmp folder. I say properly secured because one of the most common exploits used today is to coerce Apache + PHP into giving access into locations it should not have; this beign caused primarilly by poorly written user code rather than the applications themselves (as long as they are sufficiently up to date and have the recommended settings).
So, the short answer is that your PHP application should be able to write to /tmp and spiders and (non shell account) users, etc should not normally be able to access it, unless you have a security breach.
Thank you Norway2 and blue_print for your replies. I tested writing to the log from the website, and changed permissions on the file to 700. I was able to write to the log after changing permissions, download it and view it, but I couldn't access it with a URL in a browser, so I am thinking it's secure. Does that sound right to you? I might change it to write to tmp instead and test it again.
but I couldn't access it with a URL in a browser, so I am thinking it's secure. Does that sound right to you?
This question can't be answered in absolute terms, at least with the information you have provided. See this thread for a recent example of where a PHP vulnerability was used to gain access to directories outside of the web documents and execute code: http://www.linuxquestions.org/questi...y-help-940481/
Chances are that it is "secure" against most and normal usage, but if you are concerned about information being leaked when confronted with a seriously pathological case you should seriously consider what type of information you are logging.
I'm logging some info for temporary debugging, but it does log some names. I just don't want anyone to be able to read names, emails. I decided to send notification to myself when the log is updated, download it and clear the log (not huge traffic - a few users a day).