
Re: [tlug] Prevent access shared server using PHP
- Date: Wed, 02 Mar 2011 10:00:26 +0900
- From: Darren Cook <darren@example.com>
- Subject: Re: [tlug] Prevent access shared server using PHP
- References: <4D6D0A40.5000208@example.com>
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7
> My concern is about PHP. It's easy to restrict users access to certain 
> folders by a good group/permission policy and also ssh-jail them but 
Will you use http://antitese.org/sshjail/ or something else?
> Apache will be the final user of those PHP scripts and the Apache user 
> doesn't have the same restrictions as a limited user. It can browse 
> whatever is browsable for a common generic user.
Are you trying to prevent accidental access, or do you think your users
will be actively trying to hack?
Setting open_basedir could stop some accidental stuff.
There is suhosin:
 http://www.hardened-php.net/suhosin/index.html
But it might stop you doing some stuff you want to do in your
application, and might slow PHP down. I notice the last website update was
in 2007, but the changelog shows some 2010 release.
Or run PHP as a cgi exe (I think apache allows specifying the user to
run it as? If not, consider http://www.suphp.org/ or similar). The
downside there is it is slower. I guess you could give all the test
virtual hosts PHP cgi, and just use php module for your live virtual host?
Darren
P.S. The existence of suhosin is a better argument for PHP being
insecure (while also nicely quantifying the degree of the insecurity)
than any of the others I saw. ;-)
-- 
Darren Cook, Software Researcher/Developer
http://dcook.org/work/ (About me and my work)
http://dcook.org/blogs.html (My blogs and articles)
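As an added illustration of the open_basedir suggestion above (example configuration, not something posted in the thread), this is what a per-virtual-host restriction looks like with Apache and mod_php. The host names, document roots and the system user are assumptions; `php_admin_value` is the real mod_php directive that a site's `.htaccess` or `ini_set()` cannot override.

```apache
# Added example: confine each vhost's PHP to its own tree plus a private temp dir.
# Assumed layout: /var/www/<host>/htdocs and /var/www/<host>/tmp, owned by the
# vhost's user but readable by the Apache user (mod_php runs as the Apache user).

<VirtualHost *:80>
    ServerName  test1.example.com            # assumed host name
    DocumentRoot /var/www/test1/htdocs

    # open_basedir is checked by PHP's own file functions (fopen, include,
    # file_get_contents, opendir, ...). Paths must be listed explicitly; the
    # trailing slash limits the match to the directory itself rather than any
    # path that merely starts with the same prefix (/var/www/test1 vs /var/www/test10).
    php_admin_value open_basedir "/var/www/test1/htdocs/:/var/www/test1/tmp/"

    # Keep uploads and sessions inside the allowed tree as well, otherwise
    # PHP's defaults (/tmp) fall outside open_basedir and break at runtime.
    php_admin_value upload_tmp_dir    "/var/www/test1/tmp"
    php_admin_value session.save_path "/var/www/test1/tmp"
</VirtualHost>

<VirtualHost *:80>
    ServerName  test2.example.com            # assumed host name
    DocumentRoot /var/www/test2/htdocs
    php_admin_value open_basedir "/var/www/test2/htdocs/:/var/www/test2/tmp/"
    php_admin_value upload_tmp_dir    "/var/www/test2/tmp"
    php_admin_value session.save_path "/var/www/test2/tmp"
</VirtualHost>
```

This matches the limits Darren describes: open_basedir only governs PHP's file-access functions. Anything that leaves PHP, such as a process started with `exec()` or `system()`, still runs as the Apache user with that user's normal filesystem permissions, and PHP's own checks are implemented in userland rather than by the kernel. It is a reasonable guard against accidental cross-site reads between test vhosts; for users expected to actively probe, the per-user execution models in the thread (PHP as CGI under suPHP or similar) are the approach that actually changes the uid the scripts run as.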