
12th September 2006, 07:28
|
|
Senior Member
|
|
Join Date: Apr 2006
Location: Sydney
Posts: 278
Thanks: 0
Thanked 12 Times in 10 Posts
|
|
issue with no admin user allocated
Hey all,
Just noticed an issue where I have a user as an admin and files on their home path are 644, but I noticed that when I remove the admin rights to the ispc system for that site, all files belong to the "apache" user now.
This opens the server up for writing now and any content can be changed if there is a vulnerable page whereas as the user they can't modify the files with the 644 permissions.
PHP Code:
drwxrwxr-x 2 apache web7 4096 Jul 21 10:32 cgi-bin
drwxr-xr-x 3 apache web7 4096 Sep 5 09:58 log
drwxrwxrwx 2 apache web7 4096 Sep 12 12:13 phptmp
drwxr-xr-x 2 apache web7 4096 Jul 21 10:32 ssl
drwxr-xr-x 11 apache web7 4096 Sep 8 21:24 user
drwxrwxr-x 17 apache web7 4096 Sep 12 15:25 web
Anyone notice this?
|

12th September 2006, 17:12
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,665
Thanks: 1,896
Thanked 2,594 Times in 2,445 Posts
|
|
Quote:
|
Originally Posted by djtremors
Hey all,
Just noticed an issue where I have a user as an admin and files on their home path are 644, but I noticed that when I remove the admin rights to the ispc system for that site, all files belong to the "apache" user now.
|
That's the expected behaviour because we need some user to allocate the pages to if there's no site admin, and we chose the Apache user for it. Of course, you should have a site admin, and you shouldn't give shell access to your users, and use PHP Safe Mode if possible.
|

13th September 2006, 00:18
|
|
Senior Member
|
|
Join Date: Apr 2006
Location: Sydney
Posts: 278
Thanks: 0
Thanked 12 Times in 10 Posts
|
|
So you think making it the apache user is the best idea? Why not root or some huge number ie. 87726876534 so that no one can write to any of the files?
Where can I change this as it's a security issue for me?
|

13th September 2006, 09:03
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,908
Thanks: 693
Thanked 4,196 Times in 3,212 Posts
|
|
This is all set up in the file /root/ispconfig/scripts/lib/config.lib.php.
|

13th September 2006, 09:04
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,908
Thanks: 693
Thanked 4,196 Times in 3,212 Posts
|
|
Quote:
|
Originally Posted by djtremors
So you think making it the apache user is the best idea? Why not root or some huge number ie. 87726876534 so that no one can write to any of the files?
|
It is not an issue if you either use SuPHP, SuEXEC or use Safemode in PHP, which is always recommended.
|

13th September 2006, 11:28
|
|
Senior Member
|
|
Join Date: Apr 2006
Location: Sydney
Posts: 278
Thanks: 0
Thanked 12 Times in 10 Posts
|
|
I can't get suphp or suexec working right now and it doesn't seem like a right reason to turn it on anyway. php safemode only tells apache to force executing scripts to work only with the same uid which it's still apache and writable too. Not only that it breaks CMS sites like Joomla and
I'll modify the config.lib.php file.
|

13th September 2006, 20:03
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,908
Thanks: 693
Thanked 4,196 Times in 3,212 Posts
|
|
ISPConfig enables open basedir restrictions in PHP if you enable the php safemode checkbox, so no one will be able to read other directories as long as there are no security vulnerabilities in PHP.
|

14th September 2006, 09:42
|
|
Senior Member
|
|
Join Date: Apr 2006
Location: Sydney
Posts: 278
Thanks: 0
Thanked 12 Times in 10 Posts
|
|
safemode is pointless if the files are owned by the apache server user. Website can write to any file because it owns them.
I've changed it to hard code to "root" so nothing (even the website) can write to the files unless they are chmod 777 already.
|

14th September 2006, 09:50
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,908
Thanks: 693
Thanked 4,196 Times in 3,212 Posts
|
|
Quote:
|
Originally Posted by djtremors
safemode is pointless if the files are owned by the apache server user. Website can write to any file because it owns them.
I've changed it to hard code to "root" so nothing (even the website) can write to the files unless they are chmod 777 already.
|
That's not correct for ISPConfig, have you tried it? The ISPConfig safemode checkbox does not only configure the PHP safemode, it also sets a directory restriction which prevents PHP scripts from reading or writing any file outside of the web directory.
|
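An added example, not part of the thread and not ISPConfig code: a shell function that lists what the web server account can modify under a site directory, which is the question the posts above disagree on. The function name, the output labels and the `apache` account in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report what the web server account can modify under a
# site directory. Function name and labels are illustrative.
#
# usage: audit_web_writable <site-dir> <web-server-user-or-uid>
#   e.g. audit_web_writable /path/to/web7 apache   (path is a placeholder)
audit_web_writable() {
    root=$1
    web_user=$2

    # Owned by the web server account with the owner write bit set:
    # any script running as that account can overwrite these directly.
    find "$root" ! -type l -user "$web_user" -perm -0200 -print |
        sed 's/^/owned+writable: /'

    # Owned by the web server account but without the write bit: the
    # owner may still chmod the file, so mode 444 is not a barrier.
    find "$root" ! -type l -user "$web_user" ! -perm -0200 -print |
        sed 's/^/owned+readonly: /'

    # World-writable (like phptmp in the listing): writable by the web
    # server account whoever owns the entry.
    find "$root" ! -type l -perm -0002 -print |
        sed 's/^/world-writable: /'
}
```

Run it once per site directory after changing the site admin assignment; an empty result means the web server account neither owns nor can write anything under that path.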
All times are GMT +2. The time now is 16:14.