diff options
Diffstat (limited to 'shell/SECURITY')
-rw-r--r-- | shell/SECURITY | 141 |
1 files changed, 0 insertions, 141 deletions
diff --git a/shell/SECURITY b/shell/SECURITY deleted file mode 100644 index 888c554..0000000 --- a/shell/SECURITY +++ /dev/null @@ -1,141 +0,0 @@ -SECURITY file for PHP Shell -Copyright (C) 2005-2010 the Phpshell-team -Licensed under the GNU GPL. See the file COPYING for details. - - -PHP Security -============ - -Installing PHP on your server is an inherently dangerous thing to do, -somewhat similar to the danger one faces when one buys a car: it might -kill you if you have an accident. On the other hand a car makes so -many things so much more convenient, so most people are willing to -accept the risk of accidents. - -Likewise, PHP is a powerful tool which will let you build your -webpages easier and faster than without. But it is a *very* powerful -tool --- PHP is a full programming language which can be used for -general purpose programming and not just to format HTML for display in -a browser. - -So PHP has support for reading and writing files on the filesystem. -But PHP also has support for *deleting* files. PHP even has support -for executing other programs. In other words, PHP has lots of support -for interacting with the rest of the computer it runs on. This -interaction is potentially much more powerful than you want it to, and -this can be a problem if this power ends up in the wrong hands. - - -What about Safe Mode? ---------------------- - -As they note in the PHP manual, Safe Mode is an inherently wrong way -to secure PHP, but is nevertheless used in many installations. -Turning Safe Mode on in PHP basically tries to restrict the language -and its functions to make it "safe". - -This involves a strict check on file ownership so that PHP wont -operate on files and directories which are not owned by the owner of -the current script. Other restrictions in Safe Mode include limits on -which files can be executed and includes (thus making a primitive form -of chroot or jail around the PHP script). - -PHP Shell is made mostly useless with Safe Mode since it restricts the -two commands that PHP Shell uses: ``chdir()`` and ``proc_open()``: - -* With Safe Mode you cannot change to a directory unless you are the - owner of that directory. This means that you cannot change to, say, - ``/etc`` since ``root`` own that directory. - - You'll see this when 'cd /etc' results in this error from PHP Shell: - - chdir(): SAFE MODE Restriction in effect. The script whose uid is - 500 is not allowed to access /etc owned by uid 0 - cd: could not change to: /etc - -* When Safe Mode is active, PHP forces the argument to ``proc_open()`` - to be escaped, which means that you cannot use normal shell - wildcards, pipes or any such stuff. - - So if you enter 'ls *.txt' in a directory where you know for certain - that there is a text file ending in '.txt', you will get the - following error: - - /bin/ls: *.txt: No such file or directory - - This is because PHP has silently changed the command into 'ls - \*.txt' to disable the wildcard. - -* You cannot execute programs unless they are placed in a directory - listed in ``safe_mode_exec_dir``. Say you want to execute the - program ``tr`` (which translates between sets of characters) and you - get this strange messages back: - - sh: line 1: /bin/tr: No such file or directory - - Then you have a problem with the ``safe_mode_exec_dir`` setting. In - this case ``safe_mode_exec_dir`` is set to just ``/bin`` and so PHP - has forced the shell to execute ``/bin/tr`` and since ``tr`` is - installed in ``/usr/bin`` it could not be found. - - If you have write access to a directory listed in - ``safe_mode_exec_dir``, then try copying the wanted program there - first. Executing it should now work. - - -Even without enabling Safe Mode some functions might have been -disabled via the ``disabled_functions`` setting. If the -``proc_open()`` function used by PHP Shell has been disabled, then you -will see an error like this: - - Fatal Error! - - proc_open() has been disabled for security reasons - - in /path/to/your/installation/phpshell.php, line 221. - - - -PHP Shell Security -================== - -As noted above, PHP is a powerful tool --- how does PHP Shell fit into -this? PHP Shell is actually quite simple and does one thing: it uses -the standard PHP function ``proc_open()`` to execute programs. - -Executing other programs is probably the most powerful thing you can -do in PHP, and so PHP Shell gives you a convenient interface to this -the most powerful feature of PHP. Nothing more. - - -Is PHP Shell Dangerous? ------------------------ - -Short answer: *yes*! PHP Shell has been used in the past by people -with not-so-good intentions to destroy valuable content on servers. - -The longer answer is that installing PHP Shell is like building a new -door in your house --- if you leave it unlocked, then people can (and -probably will!) walk into it and steal your possessions. So you want -to lock it, and make sure you use a good lock. - -With PHP Shell that is equivalent of using a secure password. A -secure password is one which is hard to guess (make it long, make it -random, and put both numbers, special characters and normal letters in -it). - - Remember that guessing the password is all that stands between the - crackers and your files! - -If you use a good password, then PHP Shell does not make your system -any more insecure than it already was. Security is always a matter of -finding the weakest link in the chain: if you use FTP with a simple -password for updating your site, then it would be much easier for the -crackers to attack that instead of trying to guess your super-hard PHP -Shell password. So make sure that you tighten security on all fronts -you know of. - - -If you have comments or suggestions for improvements to this little -guide in system security, then please do not hesitate to contact the -author at <mgeisler@mgeisler.net>. |