Securing Apache server against slightly untrusted PHP code?

4

I have an unusual situation where I need multiple users to be able to upload and execute PHP code on my Apache server, but I cannot allow one user to access another user's PHP source (if concrete examples make you feel better, imagine I'm hosting a PHP programming competition).

Here's what I have so far in the PHP.ini:

disable_functions = readfile, fpassthru, file, file_get_contents, 
 system, fopen, symlink, rename, copy, exec, passthru, pcntl_exec, 
 backtick_operator, shell_exec, popen, proc_open

What other functions would I need to add to this list, to prevent PHP code from accessing local files (and hence other PHP source?)?

Alex R

Posted 2009-12-20T03:02:21.677

Reputation: 1 629

Answers

1

Please also take a look at http://www.suphp.org/ which executes PHP scripts with user permissions, instead of the user the webserver is running as. If you make sure the webserver can read the directory (but not necessarily the PHP file itself), then it will be able to execute these files with user permissions. Other users should not be able to read or access them in this case. This should be a more graceful and secure way of handling this.

Meta Bergman

Posted 2009-12-20T03:02:21.677

Reputation: 1 340

0

Sounds like you need to enable PHP's Safe Mode, this will disable all of relevent functions.

(Note this has been depreacited in 5.3 & removed in PHP6)

Jon Rhoades

Posted 2009-12-20T03:02:21.677

Reputation: 622

Ok I added a few from the Safe Mode page... disable_functions = readfile, fpassthru, file, file_get_contents, system, fopen, symlink, rename, copy, exec, passthru, pcntl _exec, backtick_operator, shell_exec, popen, proc_open, chmod, chown, chgrp, touch, dl, highlight_file, show_source, parse_in i_file, mkdir, rmdir, posix_mkfifo, dbase_open, dbmopen, filepro, pg_lo_import, move_uploaded_file, link – Alex R – 2009-12-20T05:01:50.690

0

Rather than trying to handle this within PHP, I'd step up a layer or two, and use Apache + unix accounts to segregate things - for instance, using suexec to keep the user's processes separate.

James Polley

Posted 2009-12-20T03:02:21.677

Reputation: 5 892

Asked: 2009-12-20T03:02:21.677

Viewed: 464 times

Active: 2011-08-21T07:22:30.283