This is an excellent question. I've run into the same thing myself when 
setting up my own Linux boxen.

Apache + PHP needs to have read access to users' web directories in 
order to serve them up to the 'net (mode 704), and directories must have 
the execute bit set (mode 705). Assuming users with virtual hosts are 
all members of a group (say 'vhusers'), a shell user cannot read other 
users' files. However, a PHP script (running as the Apache user - 
usually 'nobody') can read all files, obtain directory listings, etc etc 
(as can anyone not a member of the 'vhusers' group - on a virtual host 
server, I'm guessing no one should have privileged access except the 
admins).

Obviously, this is undesirable from a security standpoint. You don't 
want some luser snarfing the code you've been working on for weeks!

One suggestion I've heard is to make each user have their own group, for 
example 'joeuser' belongs to the group 'joeuser', etc etc. Then you 
could start a separate instance of Apache+PHP for each user - running AS 
that user. Now joeuser's PHP scripts can't read bobuser's files. 
However, in my view this opens up another security hole - external 
services should never run as normal users on a box. If a new buffer 
overflow was found in Apache, someone could easily wipe out joeuser's 
files...whereas in the previous example, the damage would be limited to 
just reading the files. Also, starting so many instances of Apache seems 
unnecessarily resource-intensive.

I'm by no means a security expert - this email merely reflects the 
results of experimentation on my own boxen. If anyone has any 
suggestions on how to improve this situation, please post 'em!

Ben Gollmer


On Monday, May 14, 2001, at 01:09 PM, bd wrote:

> Hello,
>
> I have similar concerns with the host I'm trying out right now - though
> they're running Linux/Apache.  My problem is with lack of security with
> shell access (i.e. access to other client's directories and key server
> files) and apparently lax monitoring of its privacy policies.  I'm not
> a sys admin so I don't know exactly what is achievable, but I was
> surprised by the loose config of the server I'm on.
>
> I'm looking for a Virtual-Host provider running PHP/MySQL who has
> mastered the concept of providing a secure, shared environment to its
> clients - including ssh/scp access restricted to only what's owned by
> me, secured administration tools, secured email communication with its
> clients, and complete logical and physical security of the server and
> data center.  Does anyone have a recommendation?  I've seen providers
> that address these issues for dedicated server configs - but not
> virtual server configs.
>
> Best Regards,
> bd
>
> -----Original Message-----
> From: José León Serna [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 09, 2001 6:57 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] PHP priviledges
>
>
> Hello:
>     In my host, the php is installed in a way that I have access from a
> php script to all the webs on that server (there are almost 60), and I
> can delete/copy any file of other servers. I don't like this because
> other users of that server can do the same as I. I have contacted my
> host and they don't know how to prevent php/IIS from having access to
> other directories on the server. Is this possible?
>
> Best Regards
> ------------
> Visual PHP Studio, RAD development with PHP
> http://www.visualphpstudio.f2s.com
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
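The permission behaviour discussed in the reply above, as an added example that is not part of the original thread: a small model of the Unix owner/group/other check showing why a 'vhusers' shell user is locked out by modes 704/705 while the Apache user 'nobody' is not, and what changes if the server runs as the file owner. The paths, the account 'bobuser' as a 'vhusers' member and the sample tree are constructed assumptions.

```python
# Constructed model of the layout described above; paths and tree are assumptions.
from dataclasses import dataclass

R, W, X = 4, 2, 1  # read, write, execute/search bits within one class

@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o704

# user -> supplementary groups (constructed sample accounts)
GROUPS = {
    "joeuser": {"vhusers"},
    "bobuser": {"vhusers"},
    "nobody": {"nobody"},  # the Apache/PHP user, not a member of vhusers
}

# Constructed sample tree: directories 705, files 704, group vhusers
TREE = {
    "/home": Node("root", "root", 0o755),
    "/home/joeuser": Node("joeuser", "vhusers", 0o705),
    "/home/joeuser/public_html": Node("joeuser", "vhusers", 0o705),
    "/home/joeuser/public_html/index.php": Node("joeuser", "vhusers", 0o704),
}

def class_bits(user, node):
    """Select exactly one permission class: owner, else group, else other."""
    if user == node.owner:
        return (node.mode >> 6) & 7
    if node.group in GROUPS[user]:
        # The group class applies even when it grants less than 'other'.
        return (node.mode >> 3) & 7
    return node.mode & 7

def allowed(user, path, want):
    """True if user can search every parent directory and has `want` on path."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts)):
        parent = "/" + "/".join(parts[:i])
        if not class_bits(user, TREE[parent]) & X:
            return False
    return bool(class_bits(user, TREE[path]) & want)

if __name__ == "__main__":
    target = "/home/joeuser/public_html/index.php"
    for user in GROUPS:
        print(user, "read:", allowed(user, target, R), "write:", allowed(user, target, W))
```
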