From: janus at volny.cz (Honza Vlach)
Subject: Securing apache+php for virtual hosts - best practices (longer)

Hello,
I'm responsible for running and administering an apache web server that
serves dynamic content using php, and I'm wondering what the best
practices for securing it are.

Basically, I can't trust my users or even the scripts they write, so I
would like to limit the damage that a successful break-in could do.

Users don't have shell and I use rssh for file management. Each user is
locked in their own chroot jail, and this jail is the webroot for that virtualhost.
The problem is that I don't know what kind of software they would like
to run (bbs board, photo gallery etc.), so per-user safe_mode limiting
is not applicable, because most users need file uploads, creating
directories from scripts etc.
I still need to lock them down in their own webroot, so they can't access
each other's files.

I did:
1. set in php open_basedir = their_webroot:/usr/lib/php (PEAR modules)
for each virtualhost using php_admin_value open_basedir directive in
httpd.conf.
2. I'm not showing them script errors and I'm logging them instead (good
luck with debugging :) )
3. set enable_dl = Off
4. set allow_url_fopen = No
5. After spending a couple of hours reading the php manual I compiled this
disable_functions list in php.ini:
shell_exec, exec, system, escapeshellarg, escapeshellcmd, passthru, proc_close, proc_open, proc_get_status, proc_nice,
proc_terminate, phpinfo, dl, popen, pclose, chown, disk_free_space,
disk_total_space, diskfreespace, fileinode, max_execution_time, set_time_limit, highlight_file, show_source

Does this sound like a reasonable setup, or am I smoking crack here? I would like to
achieve safe_mode-like security with as low an impact on functionality as
possible. (Yeah, tell me how contradictory this is :o) )

What are your experiences? Did I miss something?
Thanks and have a nice day/night.

Honza Vlach

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT/CS d- s: a-- C++++$ ULS++++$ P L+++ E--- W- N+ o? K? w-->--- O? M->+ V? PS PE Y++ PGP+++ !t 5? X++ R tv-- b++ DI+ D++ G+>+++ e h--- r++ y?
------END GEEK CODE BLOCK------
()  ascii ribbon campaign - against html mail 
/\                        - against microsoft attachments

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041111/f97ef2a8/attachment.bin
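The checklist above (per-vhost open_basedir via php_admin_value, errors logged
instead of displayed, enable_dl and allow_url_fopen off, a disable_functions
list) only helps if the settings are actually in effect for the vhost in
question, and since phpinfo() is on the disabled list you cannot simply look
there. What follows is an added example, not part of the original post: a
self-check script an admin can drop into one vhost's webroot, run once, and
delete again. It assumes it runs under the PHP configuration of the vhost being
audited; the directive names and functions are standard PHP (ini_get,
function_exists, PATH_SEPARATOR), and the expected values mirror the settings
listed in the post.

```php
<?php
// Added example (not from the original post): reports the *effective* PHP
// settings of the vhost this script runs under, which is what matters once
// php_admin_value overrides in httpd.conf are layered on top of php.ini.

// Directives from the checklist, with the value a hardened vhost should show
// ('0' = Off, '1' = On). open_basedir is checked separately below.
$expected = array(
    'display_errors'  => '0',
    'log_errors'      => '1',
    'enable_dl'       => '0',
    'allow_url_fopen' => '0',
);

// The post's disable_functions list, de-duplicated and without the "()" suffixes
// (disable_functions takes bare, comma-separated function names).
// max_execution_time is an ini directive rather than a function, so it is left
// out here; listing it in disable_functions is harmless but does nothing.
$shouldBeDisabled = array(
    'shell_exec', 'exec', 'system', 'passthru', 'popen', 'pclose',
    'proc_open', 'proc_close', 'proc_get_status', 'proc_nice', 'proc_terminate',
    'escapeshellarg', 'escapeshellcmd', 'phpinfo', 'dl', 'chown',
    'disk_free_space', 'disk_total_space', 'diskfreespace', 'fileinode',
    'set_time_limit', 'highlight_file', 'show_source',
);

$problems = array();

// 1. Plain on/off directives. ini_get() returns "" or "0" for Off and "1" for
//    On, so normalise before comparing.
foreach ($expected as $name => $want) {
    $got = ini_get($name);
    $gotNorm = ($got === '' || $got === '0' || strtolower($got) === 'off') ? '0' : '1';
    if ($gotNorm !== $want) {
        $problems[] = "$name is '$got', expected " . ($want === '1' ? 'On' : 'Off');
    }
}

// 2. open_basedir must be set and must actually fence the script in: the parent
//    directory of the vhost's webroot must not be visible. The @ suppresses the
//    warning PHP emits when open_basedir denies the access.
$basedir = ini_get('open_basedir');
if ($basedir === '' || $basedir === false) {
    $problems[] = 'open_basedir is not set for this vhost';
} else {
    $first  = current(explode(PATH_SEPARATOR, $basedir));
    $parent = dirname(rtrim($first, '/'));
    if (@file_exists($parent)) {
        $problems[] = "open_basedir is '$basedir' but the parent directory '$parent' is still visible";
    }
}

// 3. Every function on the list must be present in disable_functions, and a
//    disabled function is reported by function_exists() as absent.
$disabledNow = array_map('trim', explode(',', ini_get('disable_functions')));
foreach ($shouldBeDisabled as $fn) {
    if (!in_array($fn, $disabledNow, true)) {
        $problems[] = "$fn is not in disable_functions";
    } elseif (function_exists($fn)) {
        $problems[] = "$fn is listed in disable_functions but is still callable";
    }
}

header('Content-Type: text/plain');
if (count($problems) === 0) {
    echo "OK: all hardening settings from the checklist are in effect\n";
} else {
    echo "FOUND " . count($problems) . " problem(s):\n";
    foreach ($problems as $p) {
        echo " - $p\n";
    }
}
```

Run it once through the vhost (the CLI reads a different php.ini and sees none
of the php_admin_value overrides, so an HTTP request is the meaningful test),
then remove it: it lists the exact settings of the host, which is information
you do not want to leave readable in a webroot.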
