There are configuration options within the Apache/PHP/vhost configs that can mitigate some of this. We use custom open_basedir paths on each vhost to make sure that code within the vhost cannot escape to others. We also turn off exec and other commands that shell out. We also disable symlinks. We also had to remove all of the web developers from having admin in the web filesystem though, to prevent them from making mount points to other parts of the web-accessible filesystem.

Billy Beaudoin
ITECS Systems
NC State University

On Wed, Dec 12, 2012 at 9:44 AM, Michal Švamberg <[email protected]> wrote:
> Hello,
> we are using AFS at the University of West Bohemia for virtual
> web servers. Each of them (almost 400) has its own AFS volume.
> Webserver itself has AFS identity through IP address and everything
> works fine. But, the problem is exactly with the AFS identity
> of webserver. It has read rights over all of virtual webservers
> and volume's owner can e.g. by PHP script read data from others'
> volumes. The bigger problem is, when someone in own volume
> allows writeable rights for webserver - e.g. there is some kind
> of CMS system (Drupal, Joomla, ...) needing write rights.
> Now, attacker from outside the university can try to insert bad
> code and do with it anything he wants.
>
> Is there some reasonable advice, how to separate virtual web
> servers on AFS from each other?
>
> Thank you,
> Michal Svamberg
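
An audit of the per-vhost settings described in the reply above, as an added example that is not part of either message: it reports any vhost whose open_basedir is missing or reaches another vhost's DocumentRoot, and any vhost that does not turn off FollowSymLinks. It assumes mod_php-style php_admin_value directives placed inside each <VirtualHost> block; the host names and paths in the sample are constructed.

```python
import posixpath
import re
# Constructed sample config (hypothetical hosts and paths, not from the thread).
SAMPLE_CONF = """
<VirtualHost *:80>
  ServerName alpha.example.edu
  DocumentRoot /afs/example.edu/www/alpha
  php_admin_value open_basedir "/afs/example.edu/www/alpha/:/tmp/alpha/"
  Options -FollowSymLinks
</VirtualHost>
<VirtualHost *:80>
  ServerName beta.example.edu
  DocumentRoot /afs/example.edu/www/beta
  php_admin_value open_basedir "/afs/example.edu/www/"
  Options +FollowSymLinks
</VirtualHost>
<VirtualHost *:80>
  ServerName gamma.example.edu
  DocumentRoot /afs/example.edu/www/gamma
</VirtualHost>
"""

def _get(block, pattern):
    m = re.search(pattern, block, re.I | re.M)
    return m.group(1).strip('"') if m else None

def _covers(base, path):  # is directory `base` equal to or an ancestor of `path`?
    base, path = posixpath.normpath(base), posixpath.normpath(path)
    return path == base or path.startswith(base.rstrip("/") + "/")

def audit(conf):
    """Return {ServerName: [findings]} for every <VirtualHost> block in conf."""
    blocks = re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I)
    hosts = [(_get(b, r"^\s*ServerName\s+(\S+)"),
              _get(b, r"^\s*DocumentRoot\s+(\S+)"), b) for b in blocks]
    report = {}
    for name, root, block in hosts:
        found = []
        basedir = _get(block, r"^\s*php_admin_value\s+open_basedir\s+(\S+)")
        if basedir is None:
            found.append("open_basedir not set")
        else:
            for entry in filter(None, basedir.split(":")):
                found += [f"open_basedir {entry} reaches {o}" for o, oroot, _ in hosts
                          if o != name and _covers(entry, oroot)]
        if not re.search(r"^\s*Options\b.*-FollowSymLinks", block, re.I | re.M):
            found.append("FollowSymLinks not disabled")
        report[name] = found
    return report
```

Settings inherited from the global server config are not considered, so a vhost flagged for FollowSymLinks may still be covered by a server-wide Options line.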
