LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Security with PHP
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-03-2004, 07:18 AM   #1
clau_bolson
Member
 
Registered: Nov 2003
Location: Argentina
Distribution: Debian Sarge
Posts: 52

Rep: Reputation: 15
Security with PHP

Hi!
I've just realized that with PHP I can open any file in my disk with world read permissions, no matter apache's configuration says
<Directory />
Options none
Allow override none
Oder deny,allow
Deny from all
</Directory>

As I share my web server with my mail server, I am afraid that one of my users would place a script and be able to stole sensible data (like mysql databases)

Is there a way to restrict which files PHP can open?
Thanks
 
Old 02-03-2004, 03:56 PM   #2
Khabi
Member
 
Registered: Aug 2003
Location: Arizona
Distribution: Gentoo
Posts: 142

Rep: Reputation: 15
Yes, it is possible to restrict php from opening files. http://us2.php.net/features.safe-mode All of those options are in php.ini
 
Old 02-03-2004, 04:30 PM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Even with Safe-Mode PHP has had some exploits with being able to open world-readable files. Make sure that your PHP is patched or updated to a version that covers all the known security exploits (try checking SecurityFocus.com for a list of PHP exploits, it's gauranteed to scare your socks off).

Another very sensible thing to do would be to chroot Apache into it's operating directory (often /var/www). OpenBSD does this by default.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PHP security Ephracis Programming 1 10-29-2004 09:14 AM
apache/php security sopiaz57 Linux - Security 1 06-13-2004 03:52 AM
PHP security patpawlowski Programming 2 03-05-2004 10:24 PM
PHP Security pembo13 Linux - Security 7 11-18-2003 12:17 PM
Security Hole in PHP 4.3.0 Crashed_Again Linux - Security 1 03-01-2003 03:29 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:13 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration