HowtoForge Forums > ISPConfig 3 > Installation/Configuration

#1
29th July 2010, 03:01
DantePasquale

unhappy with my open_basedir directive - alternatives?

Hi,

I've been running an RC candidate of Gallery3 and am unhappy that I had to open up /usr/bin in the open_basedir setting for one of my sites that is using it. I really think this is a security concern, but what alternatives do we have?

It's really a matter of where Gallery3 looks for one of the graphics packs. I'm running Ubuntu 9.10 so I downloaded and installed into /var/www/web1/usr/bin and tried to set that into open_basedir, but Gallery3 executes a 'which' command to find the package and finds it in /usr/bin -- I removed it from there, but it still won't look into /var/www/web1/usr/bin! (I think this is going to get resolved in the official release).

Any idea on alternatives? Are my concerns justified?

Caio, Danté
#2
29th July 2010, 11:31
till

I understand your concerns, and hopefully the gallery3 developers will add an option to specify the path to external binary tools, like most CMS systems do. What you can try is to check whether there are really security issues when you open /usr/bin for this website by trying to write something to the directory, e.g. with this PHP snippet:

<?php
file_put_contents('/usr/bin/testwrite','test');
?>

Save the snippet as a file in the gallery3 web and call it in a browser. If you find a file /usr/bin/testwrite on the shell, then it is a security problem. If not, then it should be ok to open it, at least until gallery 3 provides an option to set the path.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
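
A broader version of the write test from the reply above, as an added example that is not part of the original thread: it probes every directory in the active open_basedir setting and removes its probe file afterwards. It assumes PHP 7 or later; the function names and the probe file name are made up for illustration.

```php
<?php
// Added example: audit every directory listed in open_basedir for write access.
// Call it through the web server so it runs with the site's user and settings;
// the CLI may use a different php.ini.

/**
 * Try to create and remove a probe file in $dir.
 * Returns true if the PHP process could write there.
 */
function can_write_to(string $dir): bool
{
    if (!is_dir($dir)) {
        return false;
    }
    // Constructed probe name; the random suffix avoids touching a real file.
    $probe = rtrim($dir, '/') . '/.obd_probe_' . bin2hex(random_bytes(4));
    // Mode 'x' fails if the file already exists, so nothing is overwritten.
    $fh = @fopen($probe, 'x');
    if ($fh === false) {
        return false;
    }
    fclose($fh);
    unlink($probe); // leave nothing behind in a system directory
    return true;
}

/** Split an open_basedir value into its directory entries. */
function open_basedir_entries(string $value): array
{
    $parts = array_map('trim', explode(PATH_SEPARATOR, $value));
    return array_values(array_filter($parts, 'strlen'));
}

header('Content-Type: text/plain');
$setting = (string) ini_get('open_basedir');
if ($setting === '') {
    echo "open_basedir is not set: PHP file access is unrestricted\n";
    exit;
}
foreach (open_basedir_entries($setting) as $dir) {
    $real = realpath($dir) ?: $dir;
    printf("%-40s %s\n", $real, can_write_to($real) ? 'WRITABLE' : 'not writable');
}
```

Any system directory such as /usr/bin that shows up as WRITABLE is the problem case described in the reply; delete the script from the web root once the check is done.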