PHPsuexec Information and tips

April 20th, 2006, 8:26 AM   #1
fhltang
how do I disable phpsuexec?

Hi,

I recently noticed that my surpass host has changed - now my php scripts run as me, rather than as user "apache". I presume this is a consequence of "phpsuexec" that I read about in these forums.

The impression I get is that phpsuexec is supposed to make things more secure.

However, my concern now is how do I use filesystem permissions to restrict permissions to my files? In the past, I just gave files perms 644 or 755, and since the php scripts run as "apache", they can only read and not write to those files.

With phpsuexec, how do I stop php scripts from potentially writing to my files? How do I make sure a vulnerability in a php application won't blow out my mail folders in $HOME/mail?

How do I disable phpsuexec?

Thanks.

Francis.

April 20th, 2006, 4:13 PM   #2
David
You can't disable it.

phpsuexec gives 644 and 755 permissions to files and folders automatically.

April 20th, 2006, 7:27 PM   #3
fhltang

Well, I guess "can't" answers half my question.

The other question is, how do I protect my files? Perms 644/755 won't save me from a vulnerability in a php script anymore.

Worse still, not even 660 perms on my mail folders will prevent an incorrectly written php script possibly sending my mail folders over HTTP.

In the pre-phpsuexec days, at least I knew that 660 perms on my mail folders meant that php scripts can't read my mail folders, unless of course a sysadmin erroneously put apache into the "mail" group.

Am I the only one concerned about this?

April 20th, 2006, 10:59 PM   #4
David
Why is this permission suddenly bad? What made it good before phpsuexec? If you need something set lower than 644/755, then just log into the file manager and change the permissions lower. They will go lower, just not higher.

And the way to make sure your application won't do something crazy is to make sure the application won't do something crazy...permissions can be set to anything, but if your application isn't coded correctly then it can still screw up your stuff....with or without phpsuexec.

April 20th, 2006, 11:22 PM   #5
H
The ownership permissions by the script means that it has the ability to write, delete or move files more easily. Code has a lot more freedom over the filesystem of your account, which makes it easier to exploit them.

For the same reason you don't need 0777 to upload files for your image gallery, you don't need 0777 to upload a malicious file or to execute it.

April 20th, 2006, 11:24 PM   #6
David
So then the answer is still "change the permission in file manager" and/or code correctly, right?

April 20th, 2006, 11:27 PM   #7
H
What would changing the permissions in File Manager do? As far as I can see, you are still the owner of the folder or file.

Coding correctly is great, but everyone makes mistakes sometimes. There's oversight all the time. And if you use third-party scripts, you don't have much control over that.

April 20th, 2006, 11:36 PM   #8
David
From the way I understand it, one of the only differences is that it labels something as you by your name, rather than your id. So why is it different? What prevents someone from doing the same thing without phpsuexec?

And depending on the permissions will depend on what the page does. I've given pages much lower permissions and have had them do nothing but throw permission errors at me.

April 21st, 2006, 12:20 AM   #9
H
Without phpsuexec, PHP runs as nobody. With it, it runs as your username.

Under nobody, a PHP script can't move a file to a folder with permissions 0755. Under your username and the folder as your username, it can.

So under phpsuexec, it cares about what the first digit is, where it otherwise would depend on one of the other two. Because it's running as the owner, it uses the owner permissions.

It could be 0700 and still do whatever it wanted through the PHP script.

And even if you did lower the permissions, the script would be able to change them rather easily through the chmod() function.

There are obviously benefits to running as phpsuexec, but it also lowers security in different areas.
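
The permission-class point made in post #9, as an added example that is not part of the thread: a small Python model of how POSIX selects the owner, group or other bits, compared for PHP running as a shared web user and as the account owner. The uids, gids and paths are constructed for illustration; root and ACLs are ignored, and for a directory "write" means creating or removing entries in it.

```python
from collections import namedtuple

R, W = 4, 2
Proc = namedtuple("Proc", "uid gids")
Entry = namedtuple("Entry", "path mode uid gid")

def class_bits(entry, proc):
    """Pick the single rwx triplet POSIX applies: owner, else group, else other."""
    if proc.uid == entry.uid:
        return (entry.mode >> 6) & 7
    if entry.gid in proc.gids:
        return (entry.mode >> 3) & 7
    return entry.mode & 7

def access(entry, proc):
    """Return (read, write, write_reachable) for proc on entry.

    write_reachable is True when the process can write now, or owns the
    entry and can therefore chmod() it writable first.
    """
    bits = class_bits(entry, proc)
    read, write = bool(bits & R), bool(bits & W)
    return read, write, write or proc.uid == entry.uid

# Constructed sample account: uid/gid numbers and paths are illustrative.
ACCOUNT_UID, ACCOUNT_GID, MAIL_GID = 1001, 1001, 12
SHARED_WEB = Proc(uid=99, gids={99})                 # PHP as "nobody"/"apache"
SUEXEC = Proc(uid=ACCOUNT_UID, gids={ACCOUNT_GID})   # PHP as the account owner
FILES = [
    Entry("public_html/index.php", 0o644, ACCOUNT_UID, ACCOUNT_GID),
    Entry("public_html/uploads",   0o755, ACCOUNT_UID, ACCOUNT_GID),
    Entry("mail/inbox",            0o660, ACCOUNT_UID, MAIL_GID),
    Entry("private/notes.txt",     0o700, ACCOUNT_UID, ACCOUNT_GID),
    Entry("config.php",            0o400, ACCOUNT_UID, ACCOUNT_GID),
]

def report(files=FILES):
    """Map path -> {'shared': access tuple, 'suexec': access tuple}."""
    return {f.path: {"shared": access(f, SHARED_WEB), "suexec": access(f, SUEXEC)}
            for f in files}

if __name__ == "__main__":
    for path, r in report().items():
        print(f"{path:24} shared={r['shared']} suexec={r['suexec']}")
```

The last column is the one that matters under phpsuexec: lowering the mode on a file the script owns narrows what it can do right now, but not what it can reach after a chmod() call.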