I also have some ideas on how to improve safe_mode:
- Being able to limit the hosts/ports the socket/mysql/fopen/etc functions
can connect to. I have seen a few cases where a PHP user used the socket
calls to send spam to a mailserver. He/she deleted the script afterwards,
and nobody was able to find out who sent the spam...
- Extend the functionality of open_basedir. This could be used for the
virtual-chroot / shared directories you mentioned.
- I can imagine that the configuration files can become very large when you
want different limits for different groups of users. So maybe a way to make
'shortcuts' for certain settings? For example something like:
php_admin_var basic_dirs /var/www/shared:...:...:...
php_admin_var db_users /var/www/db:/usr/local/php/:...:...
php_admin_var power_users $db_users:/var/www/power:...
php_admin_value open_basedir $basic_dirs
php_admin_value open_basedir $basic_dirs:$db_users
php_admin_value open_basedir $basic_dirs:$power_users
This could make managing a lot of virtual hosts very easy.
Just some ideas. I don't know yet how much time I can set aside to help on
implementing security features...
----- Original Message -----
From: "Jason Greene" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, February 01, 2001 9:53 PM
Subject: [PHP-DEV] safe_mode redesign
> Is anyone up for a discussion on the redesign of safe_mode? I would like
> to start working on this sometime soon, and I have a lot of
> ideas, but I know this is going to be something of a large debate.
> Some of the new features I think would benefit php include:
> * safe_mode_hide_env_vars - will allow extra protection on removing
> environmental vars from hosted users ( I actually have a patch
> for this but I have been waiting on it to discuss the redesign)
> * User configurable policy - safe_mode could have configuration directives
> to specify exactly what checks are desired
> * Virtual Chroot - the ability to perform a chroot to a virtual host
> directory structure, so that a hosted user can not access
> anything outside of their directory structure.
> * Shared Directories - The ability to specify a list of paths that are
> shared amongst all hosted users. This would allow certain
> extensions (gd, oracle, etc) the ability to access the needed datafiles
> without failing a safe_mode check.
> Any comments, suggestions, other ideas?
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
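To make the two proposals above concrete (the shortcut syntax for open_basedir lists in the reply, and the virtual-chroot / shared-directories idea in the original post), here is an added model written for this page; it is not code from the thread or from PHP itself. The `php_admin_var` directive and the `$name` expansion are the hypothetical syntax from the reply, the directory paths in the sample configuration are constructed, and the containment check is a simplified stand-in for what an engine-level open_basedir check would have to do.

```python
import posixpath
import re

# Constructed sample configuration using the shortcut syntax proposed in the
# reply. `php_admin_var` is hypothetical; `php_admin_value` is the real
# mod_php directive. Paths are made up for the example.
SAMPLE_CONFIG = """
php_admin_var basic_dirs /var/www/shared:/usr/local/lib/php
php_admin_var db_users /var/www/db:/usr/local/php
php_admin_var power_users $db_users:/var/www/power
php_admin_value open_basedir $basic_dirs:$power_users
"""

_REF = re.compile(r'\$([A-Za-z_][A-Za-z0-9_]*)')


def expand(value, shortcuts):
    """Replace every $name in value with the shortcut defined earlier.
    An undefined shortcut is an error rather than an empty string, so a typo
    cannot silently widen or empty a path list."""
    def sub(match):
        name = match.group(1)
        if name not in shortcuts:
            raise ValueError(f"undefined shortcut ${name}")
        return shortcuts[name]
    return _REF.sub(sub, value)


def parse_config(text):
    """Return the php_admin_value settings with all shortcuts expanded."""
    shortcuts = {}
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        parts = line.split(None, 2)
        if len(parts) != 3:
            raise ValueError(f"malformed line: {line!r}")
        directive, name, value = parts
        expanded = expand(value, shortcuts)
        if directive == 'php_admin_var':
            shortcuts[name] = expanded
        elif directive == 'php_admin_value':
            values[name] = expanded
        else:
            raise ValueError(f"unknown directive {directive!r}")
    return values


def normalise(path):
    # Lexical normalisation only: collapses '.' and '..' segments. A real
    # engine check also has to resolve symlinks before comparing.
    return posixpath.normpath(path)


def path_allowed(path, open_basedir):
    """True if path lies inside one of the colon-separated base directories.
    The comparison is on directory boundaries, so /var/www/db does not admit
    /var/www/dbx (PHP's own open_basedir is a plain prefix match unless the
    entry ends with a slash)."""
    target = normalise(path)
    for entry in open_basedir.split(':'):
        base = normalise(entry).rstrip('/')
        if target == base or target.startswith(base + '/'):
            return True
    return False


if __name__ == '__main__':
    settings = parse_config(SAMPLE_CONFIG)
    basedir = settings['open_basedir']
    print(basedir)
    for p in ('/var/www/db/users.php', '/var/www/db/../secret/x',
              '/var/www/dbx/file', '/etc/passwd'):
        print(p, '->', 'allowed' if path_allowed(p, basedir) else 'denied')
```

The `..` case is the one worth noticing: a hosted user's script may name a path that starts inside an allowed directory and walks out of it, so the check has to be done on the normalised (and, in a real implementation, symlink-resolved) path rather than on the string the script supplied. The shortcut expansion keeps each `open_basedir` line short while still producing one flat, auditable list per virtual host.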