Hello,

I'm responsible for running and administering an Apache web server that serves dynamic content using PHP, and I'm wondering what the best practices for securing it are. Basically, I can't trust my users or even the scripts they write, so I would like to limit the damage that a successful break-in could do.

Users don't have shell access and I use rssh for file management. Each user is locked in their own chroot jail and this jail is the webroot for that virtualhost. The problem is that I don't know what kind of software they would like to run (bbs board, photo gallery etc.), so safe_mode limiting per user is not applicable, because most users need file uploads, create directories from scripts etc. I still need to lock them down in their own webroot, so they can't access each other's files.

I did:

1. set in php open_basedir = their_webroot:/usr/lib/php (PEAR modules) for each virtualhost using the php_admin_value open_basedir directive in httpd.conf.
2. I'm not showing them script errors and I'm logging them instead (good luck with debugging :) )
3. set enable_dl = Off
4. set allow_url_fopen = No
5. After spending a couple of hours reading the PHP manual I compiled this disable_functions list in php.ini:

   shell_exec, exec, system, escapeshellarg, escapeshellcmd, passthru, proc_close, proc_open, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, phpinfo, dl, popen, pclose, chown, disk_free_space, disk_total_space, diskfreespace, fileinode, max_execution_time, set_time_limit(),highlight_file(), show_source()

Does this sound like a reasonable setup, or am I smoking crack here? I would like to achieve safe_mode-like security with as low an impact on functionality as possible. (Yeah, tell me how contradictory this is :o) )

What are your experiences? Did I miss something?

Thanks and have a nice day/night.

Honza Vlach
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT/CS d- s: a-- C++++$ ULS++++$ P L+++ E--- W- N+ o? K? w-->--- O? M->+ V? PS PE Y++ PGP+++ !t 5?
X++ R tv-- b++ DI+ D++ G+>+++ e h--- r++ y?
------END GEEK CODE BLOCK------
() ascii ribbon campaign - against html mail
/\ - against microsoft attachments
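A small linter for a php.ini hardening fragment like the one in the post, as an added example (not the poster's own code or configuration). It parses the simple `key = value` lines, checks that enable_dl, allow_url_fopen and display_errors are off and log_errors is on, and normalises the disable_functions list: PHP matches the entries literally against bare function names, so an entry written with parentheses never matches, an ini directive name such as max_execution_time is not a function at all, and duplicates are merely noise. The INI text inside the script is a constructed sample that mirrors the settings quoted in the post; the set of "known directive names" is a short hand-written list for this example, not PHP's full table.

```python
"""Lint a php.ini hardening fragment (added example; constructed sample input)."""

# Constructed php.ini fragment mirroring the settings described in the post.
SAMPLE_INI = """
enable_dl = Off
allow_url_fopen = No
display_errors = Off
log_errors = On
disable_functions = shell_exec, exec, system, escapeshellarg, escapeshellcmd, passthru, proc_close, proc_open, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, phpinfo, dl, popen, pclose, chown, disk_free_space, disk_total_space, diskfreespace, fileinode, max_execution_time, set_time_limit(),highlight_file(), show_source()
"""

# Names that are php.ini directives rather than callable functions.
# Assumption: a short hand-maintained list, enough for this example.
INI_DIRECTIVES = {"max_execution_time", "memory_limit", "open_basedir", "safe_mode"}

# Spellings PHP accepts as "off" for a boolean ini setting.
OFF_VALUES = {"off", "0", "no", "false", ""}


def parse_ini(text):
    """Return {key: value} for simple 'key = value' lines; a later key wins."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip().lower()] = value.strip()
    return settings


def lint_disable_functions(value):
    """Normalise a disable_functions value; return (clean_list, findings).

    Entries with parentheses are reported and stripped, ini directive names
    are reported and dropped, duplicates are reported and collapsed.
    """
    findings = []
    seen = []
    for raw in value.split(","):
        name = raw.strip()
        if not name:
            continue
        if name.endswith("()"):
            findings.append(f"'{name}' has parentheses; PHP matches bare function names")
            name = name[:-2]
        if name in INI_DIRECTIVES:
            findings.append(f"'{name}' is an ini directive, not a function; it disables nothing")
            continue
        if name in seen:
            findings.append(f"'{name}' listed more than once")
            continue
        seen.append(name)
    return seen, findings


def lint(text):
    """Check the boolean hardening switches and the disable_functions list."""
    settings = parse_ini(text)
    findings = []
    # A missing switch is treated as not hardened (assumption for this linter).
    for key in ("enable_dl", "allow_url_fopen", "display_errors"):
        if settings.get(key, "on").lower() not in OFF_VALUES:
            findings.append(f"{key} should be Off")
    if settings.get("log_errors", "").lower() in OFF_VALUES:
        findings.append("log_errors should be On when display_errors is Off")
    clean, df_findings = lint_disable_functions(settings.get("disable_functions", ""))
    findings.extend(df_findings)
    return clean, findings


if __name__ == "__main__":
    clean, findings = lint(SAMPLE_INI)
    print("disable_functions =", ", ".join(clean))
    for finding in findings:
        print("WARNING:", finding)
```

Running it against the sample prints the de-duplicated list (23 bare names) and six warnings: the two duplicated entries, the one ini directive, and the three entries written with parentheses. The same `lint` function can be pointed at any php.ini text, and `lint_disable_functions` alone is enough when the list is managed per virtualhost with php_admin_value.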