Ahhh...ok, now you're talking about something else.
I thought we were just talking about the security model of PHP only. Yes, if a host has decided to offer another means for CGI that isn't safe, then that is another issue altogether... ;)
I was just talking about PHP's security model. Safe mode + open_basedir + included directories + exec directories should be enough to prevent a PHP script from viewing the tree, and anyone else's data.
If you have a way, using PHP (not a perl or sh or tcl script), to get around those directives, then please let me know.
Personally, I never wanted to offer any CGI scripting to our customers, but in this day and age, a shared host has to, because the customers expect it, even though they have no idea how to use it. So I've created a jailed environment for perl to run as the user, and away from everyone else's directories. I am still wary of how safe that is, but it's as close as I can get it...
Seriously, let me know if you've got any issues with PHP's security model.
Tim.
At 11:26 AM 9/26/2004, Chris Shiflett wrote:
--- Tim Traver <[EMAIL PROTECTED]> wrote:
> I believe that is the reason that the PHP group came up with the
> open_basedir directive.
>
> The open_basedir prevents you from looking into anything higher
> than a particular directory tree using PHP.
>
> So, a combination of safe_mode and open_basedir should prevent
> your script from being able to walk the tree.
We know what these directives do. I think you're missing the point. How can a PHP directive offer any protection against someone writing a CGI that reads a file somewhere? Think about it.
> I didn't think there was, and if there is, then we better post
> that to the security guys at php, cause that's not good.
We know that neither safe_mode nor open_basedir offer protection from this. We also know that it's impossible to solve this problem at the PHP level, because it is completely independent of PHP.
> I think it should be pretty safe though if implemented correctly.
If you do not offer CGI access or any interpreter besides PHP, then I suppose it's better than nothing, but I wouldn't characterize this as safe. I suspect that if I were a user on this host, I could give you a URL that displays another account's password within a few minutes. But, I'm just speculating. :-)
Chris
=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
     Coming December 2004
HTTP Developer's Handbook - Sams
     http://httphandbook.org/
PHP Community Site
     http://phpcommunity.org/
SimpleNet's Back ! http://www.simplenet.com