0

I have users upload PHP files to my server (I know this is a security risk, but it must be done).

I might have to execute the PHP scripts on the server.

So I was wondering, is there a way I can deny those PHP scripts access to any files and any directories outside of their current folder? This would make it secure enough for me to use.

Thanks.

Lucas
  • 16,930
  • 31
  • 110
  • 182
  • 1
    look this http://stackoverflow.com/questions/3115559/exploitable-php-functions – Emilio Gort Jan 21 '14 at 00:00
  • 2
    If it "must" be done, then your design is ***wrong***. Change your design or your site will become a honeypot for rabid Russian hackers in no time. Make the PHP file transfer happen through FTP or something, but don't let any man and his dog download code into your application. That's giving the key of the chicken coop to the fox. – kuroi neko Jan 21 '14 at 00:03

2 Answers2

3

Sigh... "but it must be done" - says whom?

Some options might exist: Looking at the comments on the documentation for the (now-removed) PHP Safe Mode, I found a link to suPHP which "is a tool for executing PHP scripts with the permissions of their owners". This would require local UNIX accounts for each user though - which I'm not sure is possible in your situation.

A real solution would need to go much deeper. I was once on a website that allowed you to compile and run applications in just about any language, as part of an exam. By compiling some "interesting" programs, I was able to determine that I was actually running in a QEMU VM "jail", and they were somehow funneling IO to/from the VM via my HTTP connection.

But the right answer is probably, of course, don't do it. With more information as to what exactly you're designing, we might be able to offer more sane alternatives.

Jonathon Reinhart
  • 132,704
  • 33
  • 254
  • 328
1

You could set up a chrooted environment for these scripts to run in. Not absolutely waterproof, but a lot better than potentially giving access to your entire filesystem.

This article contains lots of info on how to get certain services running correctly inside your chrooted environment, it also contains a link to a best practices document concerning the correct usage of chroot.

Now, php also has a chroot command, it might be possible to tinker some kind of "sandbox" that's "good enough" for your purposes by using that function.

Anyways, although chroot can help tremendously to protect your system during the execution of foreign code you should remain very careful, and the basic rule is to provide as little services and facilities inside the chrooted environment as possible. In that context, the SO article pointed to by Emilio Gort contains a (very long) list of exploitable functions, probably most or all of these should be blocked by using the disable_functions setting in php.ini

fvu
  • 32,488
  • 6
  • 61
  • 79