The attached patch changes open_basedir from PHP_INI_SYSTEM to PHP_INI_ALL.

Wait now... let me finish.

It introduces a custom INI modification handler for open_basedir which 
allows the option to be set during Startup and Shutdown (PHP_INI_SYSTEM 
contexts) normally, then for other contexts (Activate/Deactivate {PERDIR} 
and Runtime) it checks the inbound settings against the current value and 
applies some logic:

If open_basedir hasn't been set yet:  It allows any new setting to be 
applied (unrestrictive to restrictive)

If open_basedir is already set, it checks whether each component of the new 
setting would be allowable under the rules of the old setting. If they all 
pass, it allows the change. If any component would make the basedir check 
less restrictive, it fails (disallows) the change. (Changes are permitted 
only from less restrictive to more restrictive.)

The advantage of doing this is that package authors and/or users of shared 
hosting who may not otherwise have a way to make their settings more 
restrictive can avoid most simple filesystem-inspection attacks caused by 
buggy script code by adding a single 
ini_set("open_basedir", dirname(__FILE__)); to the top of their script, or 
by setting it with an .htaccess directive.

Note that it does nothing to prevent code injection attacks: since the 
handler only compares the new value against the *current* value, an 
attacker who can execute PHP code could simply issue 
ini_restore("open_basedir"); to revert to the startup value and regain the 
same filesystem access they would have without this patch (short of the 
host also adding ini_restore to disable_functions). I'll grant you it's not 
a panacea, and it may do more harm than good by making people think that 
tightening up open_basedir at script level is enough, but it's something.

Talk amongst y'selves....

-Sara 


begin 666 open_basedir.txt
[EMAIL PROTECTED](&UA:6XO;6%I;BYC"CT]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]
M/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T*4D-3
M(&9I;&4Z("]R97!O<VET;W)Y+W!H<"US<F,O;6%I;B]M86EN+F,[EMAIL PROTECTED]
M:65V:6YG(')E=FES:6]N(#$N-S T"[EMAIL PROTECTED]@+7 @+7(Q+C<P-"!M86EN
M+F,*+2TM(&UA:6XO;6%I;BYC"3,@3V-T(#(P,#8@,38Z,[EMAIL PROTECTED],#(@+3 P,# )
M,2XW,#0**RLK(&UA:6XO;6%I;BYC"3$R($]C=" R,# V(#$Y.C(Y.C4Q("TP
M,# P"D! ("TS,SDL-B K,S,Y+#<@0$ @<W1A=&EC(%!(4%])[EMAIL PROTECTED]
M<&1A=&5$969A=6QT36EM971Y< H@(V5L<V4*(",)9&5F:6YE($1%1D%53%1?
M4T5.1$U!24Q?4$%42"!.54Q,"B C96YD:[EMAIL PROTECTED]@>WM[(%!(4%])3DD*
M(" [EMAIL PROTECTED]"14=)[EMAIL PROTECTED]"D! ("TS.3(L-R K,SDS+#<@0$ @4$A0
M7TE.25]"14=)[EMAIL PROTECTED]"B )4U1$7U!(4%])3DE?14Y44EDH(F5X=&5N<VEO;E]D
M:7(B+ D)"5!(4%]%6%1%3E-)3TY?1$E2+ D)4$A07TE.25]365-414TL"0E/
M;E5P9&%T95-T<FEN9U5N96UP='DL"65X=&5N<VEO;E]D:7(L"0D)<&AP7V-O
M<F5?9VQO8F%L<RP)8V]R95]G;&]B86QS*0H@"5-41%]02%!?24Y)7T5.5%)9
M*")I;F-L=61E7W!A=&@B+ D)"5!(4%])3D-,[EMAIL PROTECTED]"0E02%!?24Y)
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M"6-O<F5?9VQO8F%L<[EMAIL PROTECTED];W!E;E]B87-E
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M( [EMAIL PROTECTED];V%D7VUA>%]F:6QE<VEZ92(L"2(R
M32(L"0E02%!?24Y)7U-94U1%37Q02%!?24Y)7U!%4D1)4BP)"4]N57!D871E
M3&]N9RP)"0EU<&QO861?;6%X7V9I;&5S:7IE+ EP:'!?8V]R95]G;&]B86QS
M+ EC;W)E7V=L;V)A;',I"DEN9&5X.B!M86EN+V9O<&5N7W=R87!P97)S+F,*
M/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]
M/3T]/3T]/3T]/3T]/3T]/3T]/3T]/0I20U,@[EMAIL PROTECTED])E<&]S:71O<GDO
M<&AP+7-R8R]M86EN+V9O<&5N7W=R87!P97)S+F,[EMAIL PROTECTED]:65V:6YG(')E
M=FES:6]N(#$N,[EMAIL PROTECTED]"[EMAIL PROTECTED]@+7 
@+7(Q+C$X,R!F;W!E;E]W<F%P<&5R
M<RYC"BTM+2!M86EN+V9O<&5N7W=R87!P97)S+F,),2!*=6P@,C P-B Q,3HU
M,#HU,B M,# P, DQ+C$X,PHK*RL@;6%I;B]F;W!E;E]W<F%P<&5R<RYC"3$R
M($]C=" R,# V(#$Y.C(Y.C4Q("TP,# P"D! ("TX,BPV("LX,BPV-"! 0 H@
M(V5N9&EF"B [EMAIL PROTECTED]( HK+RH@>WM[($]N57!D871E0F%S941I<@HK
M06QL;W=S(&%N>2!C:&[EMAIL PROTECTED]&\@;W!E;E]B87-E9&ER('-E='1I;F<@:6X@
M9'5R:6YG(%-T87)T=7 @86YD(%-H=71D;W=N(&5V96YT<RP**V]R(&[EMAIL PROTECTED]&EG
M:'1E;FEN9R!D=7)I;F<@86-T:79A=&EO;B]R=6YT:6UE+V1E86-T:79A=&EO
M;B J+PHK4$A005!)(%I%3D1?24Y)7TU(*$]N57!D871E0F%S941I<BD**WL*
M*PEC:&%R("HJ<"[EMAIL PROTECTED]&AB=68L("IP='(L("IE;F0["BLC:69N9&5F(%I4
M4PHK"6-H87(@*F)A<V4@/2 H8VAA<B J*2!M:%]A<F<R.PHK(V5L<V4**PEC
M:&%R("IB87-E([EMAIL PROTECTED]&-H87(@[EMAIL PROTECTED]'-?<F5S;[EMAIL 
PROTECTED]:6YT("HI(&UH
M7V%R9S(I*3L**R-E;[EMAIL PROTECTED]"BL)<" ]("AC:&%R("HJ*2 H8F%S92LH<VEZ
M95]T*2!M:%]A<F<Q*3L**PHK"6EF("AS=&%G92 ]/2!02%!?24Y)7U-404=%
M7U-405)455 @?'P@<W1A9V4@/[EMAIL PROTECTED]'15]32%541$]73BD@
M>PHK"0DO*B!792=R92!I;B!A(%!(4%])3DE?4UE35$5-(&-O;G1E>'0L(&YO
M(')E<W1R:6-T:6]N<R J+PHK"0DJ<" ](&YE=U]V86QU93L**PD)<F5T=7)N
M(%-50T-%4U,["BL)?0HK"BL@(" @(" @( HK"2\J($5L<V5W:7-E+"!W92=R
M92!I;B!R=6YT:6UE("HO"BL):[EMAIL PROTECTED]"$J<"!\?" A*BIP*2!["BL)"2\J(&]P
M96Y?8F%S961I<B!N;W0@<V5T('EE="[EMAIL PROTECTED]@[EMAIL PROTECTED](&=I=F4@:70@
M82!V86QU92 J+PHK"0DJ<" ](&YE=U]V86QU93L**PD)<F5T=7)N(%-50T-%
M4U,["BL)?0HK"BL)[EMAIL PROTECTED]<G1C=70Z([EMAIL PROTECTED]@:&%V92!A(&]P96Y?
M8F%S961I<B!A;F0@<V]M96]N92!T<FEE<R!T;R!U;G-E="[EMAIL PROTECTED]@:VYO=R!I
M="=L;"!F86EL("HO"BL):[EMAIL PROTECTED]"[EMAIL PROTECTED]'P@(2IN97=?=F%L=64I
M('L**PD)<F5T=7)N($9!24Q54D4["BL)?0HK"BL)[EMAIL PROTECTED],@=&AE('!R;W!O
M<V5D(&]P96Y?8F%S961I<B!A="!L96%S="!A<R!R97-T<FEC=&EV92!A<R!T
M:&[EMAIL PROTECTED]<F5N="!S971T:6YG/R J+PHK"7!T<B ]('!A=&AB=68@/2!E<W1R
M9'5P*&YE=U]V86QU92D["BL)=VAI;&[EMAIL PROTECTED]'!T<B F)B J<'1R*2!["BL)"65N
M9" ]('-T<F-H<BAP='(L($1%1D%53%1?1$E27U-%4$%2051/4BD["BL)"6EF
M("AE;F0@([EMAIL PROTECTED],3"D@>PHK"0D)*F5N9" ]("=<,"<["BL)"0EE;F0K*SL*
M*PD)?0HK"0EI9B H<&AP7V-H96-K7V]P96Y?8F%S961I<E]E>"AP='(L(# @
M5%-234Q37T-#*2 A/2 P*2!["BL)"0DO*B!!="!L96%S="!O;F4@<&]R=&EO
M;B!O9B!T:&ES(&]P96Y?8F%S961I<B!I<R!L97-S(')E<W1R:6-T:79E('1H
[EMAIL PROTECTED]&AE('!R:6]R(&[EMAIL PROTECTED])3" J+PHK"0D)969R964H<&%T:&)U9BD[
M"BL)"0ER971U<[EMAIL PROTECTED])3%5213L**PD)?0HK"0EP='(@/2!E;F0["BL)?0HK
M"65F<F5E*'!A=&AB=68I.PHK"BL)[EMAIL PROTECTED]<GET:&EN9R!C:&5C:W,@;W5T
M+"!S970@:[EMAIL PROTECTED]<" ](&YE=U]V86QU93L**PHK"7)E='5R;B!354-#
[EMAIL PROTECTED]("HO"[EMAIL PROTECTED]@>WM[('!H<%]C:&5C:U]S<&5C
M:69I8U]O<&5N7V)A<V5D:7(*( E7:&5N(&]P96Y?8F%S961I<B!I<R!N;W0@
M3E5,3"[EMAIL PROTECTED]@:[EMAIL 
PROTECTED]&AE(&=I=F5N(&9I;&5N86UE(&ES(&QO8V%T960@
M:6X*( EO<&5N7V)A<V5D:7(N(%)E='5R;G,@+3$@:[EMAIL PROTECTED])R;W(@;W(@;F]T
M(&EN('1H92!O<&5N7V)A<V5D:7(L(&5L<V4@, I);F1E>#H@;6%I;B]F;W!E
M;E]W<F%P<&5R<RYH"CT]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]
M/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T]/3T*4D-3(&9I;&4Z
M("]R97!O<VET;W)Y+W!H<"US<F,O;6%I;B]F;W!E;E]W<F%P<&5R<RYH+'8*
M<F5T<FEE=FEN9R!R979I<VEO;B Q+C0W"[EMAIL PROTECTED]@+7 @+7(Q+C0W(&9O
M<&5N7W=R87!P97)[EMAIL PROTECTED](&UA:6XO9F]P96Y?=W)A<'!E<G,N: DQ($IU
M;" R,# V(#$Q.C4P.C4R("TP,# P"3$N-#<**RLK(&UA:6XO9F]P96Y?=W)A
M<'!E<G,N: DQ,B!/8W0@,C P-B Q.3HR.3HU,2 M,# P, I 0" M,C,L-B K
M,C,L-R! 0 H@"B!"14=)[EMAIL PROTECTED]"B C:6YC;'5D92 B<&AP7V=L
M;V)A;',N:"(**R-I;F-L=61E(")P:'!?:[EMAIL PROTECTED]"B *(%!(4$%022!I;G0@
M<&AP7V9O<&5N7W!R:6UA<GE?<V-R:7!T*'IE;F1?9FEL95]H86YD;&[EMAIL PROTECTED]
M;&5?:&%N9&QE(%134DU,4U]$0RD["[EMAIL PROTECTED]<B J97AP86YD7V9I
M;&5P871H*&-O;G-T(&-H87(@*F9I;&5P871H+"!C:&%R("IR96%L7W!A=&@@
M5%-234Q37T1#*3L*0$ @+3,[EMAIL PROTECTED],V+#@@0$ @4$A005!)($9)[EMAIL PROTECTED]
M<%]F;W!E;E]W:71H7W!A=&@H8V]N<[EMAIL PROTECTED]@"B!02%!!4$D@:6YT('!H<%]I
M<U]U<FPH8VAA<B J<&%T:"D["[EMAIL PROTECTED]<B J<&AP7W-T<FEP7W5R
M;%]P87-S=V0H8VAA<B J<&%T:"D["BL**U!(4$%022!:14Y$7TE.25]-2"A/
K;E5P9&%T94)A<V5$:7([EMAIL PROTECTED]"D*( H@(V5N9&EF"@``
`
end
