Python Community Server: Development

A weblog about programming in Python, C#, Java, Perl and C++ - and the occasional comment on PyCS development

Copyright (c) 2002 Phillip Pearson

2002-10-5

More on PHP security

Richard Bellavance and Paul have added more comments to the thread about PHP safe mode. Richard points out that the host can tell safe mode to only check GIDs, not UIDs, and Paul mentions Pair Networks' php-cgiwrap, a modification of cgiwrap that works for PHP.

The latter is what I want, as it would allow me to set the permissions on the data files so that nobody else on the server could access them. However, it requires that PHP is run as a CGI, which negates the whole point of using PHP, which is that it's fast. The former is fast, but not so secure.

As such, it looks like it is possible to have a server where everyone's scripts work and nobody can hack anyone (which I claimed was impossible the other day ;-), but it requires you to either run everything as CGI (under cgiwrap) or run only PHP (in safe mode, with safe_mode_gid set).

Amusingly enough, most hosts these days seem to permit use of CGI without cgiwrap, which means that most bloggers out there using MT, GM or b2 on shared servers are rather more vulnerable than they expected. To find out, look in the CGI setup documentation for your host and look for something like "Also make sure that you CHMOD the scripts to 755". If you can't run scripts with permissions of 700, you are probably vulnerable. Anybody else on the server can read passwords out of config files with perms of 644, and can write to config files set to 666. There's a plus for Radio, CityDesk and Blogger. Maybe FTPing static HTML up to a dumb server ain't that bad an idea after all.
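To check your own account for the 644/666/755 exposure described above, the following added example (not code from the original post) walks a directory and lists every file whose mode lets other local users read or write it, alongside the owner-only mode it would have under a 700-style setup. The file names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_tree(root):
    """Return (path, mode, issues, owner_only_mode) for each exposed file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and other non-regular files
            mode = stat.S_IMODE(st.st_mode)
            issues = []
            if mode & stat.S_IROTH:
                issues.append("other-readable")  # e.g. 644, 755: passwords can be read
            if mode & stat.S_IWOTH:
                issues.append("other-writable")  # e.g. 666: file can be modified
            if issues:
                # Owner-only equivalent (644 -> 600, 755 -> 700); this also drops
                # the group bits, matching the 700 mode named in the post.
                findings.append((path, mode, issues, mode & 0o700))
    return findings


def make_sample_tree():
    """Build a constructed sample site; the file names are hypothetical."""
    root = tempfile.mkdtemp(prefix="site-")
    samples = [("blog.cgi", 0o755), ("config.cfg", 0o644), ("entries.db", 0o666),
               ("private.cfg", 0o600), ("admin.cgi", 0o700)]
    for name, mode in samples:
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)  # explicit chmod, so the umask does not interfere
    return root


if __name__ == "__main__":
    for path, mode, issues, fixed in audit_tree(make_sample_tree()):
        print(f"{mode:03o} {path}: {', '.join(issues)} (owner-only mode: {fixed:03o})")
```

Whether the owner-only modes actually work depends on the host running your scripts under your own UID, which is the cgiwrap question discussed above.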
