
Safe mode story

rihad
(This is probably a FAQ by now, my apologies if there's a well thought of answer at large)

The problem of mass hosting is usually that of having to restrict cross-domain access on filesystem level. For example, a script of Site 1 located at /var/www/vhosts/site1.com/httpdocs/foo.php can access other hosters' files, files at /etc etc. Is there an out-of-the-box solution in Plesk for Linux that isn't relying on PHP Safe Mode being set to enforce strictness? Perhaps chroot jails? Anything else?

Thanks for any hints.
 
Damn! I forgot after more than one year of having solved the same issue with exactly the same answer :( Indeed, thanks.
 
What if I relax safe mode checks to gid (safe_mode_gid=On), and given that GID is psacln for every Plesk-hosted customer, with only UIDs being different, is there any risk that folks operating on their own chmod 660 files will be able to overwrite other people's chmod 660 files? Or will open_basedir be enough to prevent unwanted PHP level file access while relaxing safe mode uid check at the same time (by default, it is properly set by Plesk in %mysite%/conf/httpd.include)?

BTW, safe_mode_exec_dir is empty by default, does it mean if I do set safe_mode_gid then users will be able to exec other Plesk users' cgi-bin scripts etc. because of GIDs being equal??
 
There are a few answers to this question. Not all parts of your question are the same.

- files in the cgi-bin are usually perl scripts, they have nothing to do with php.
- using safe_mode_gid instead of the full safe mode is sometimes not enough. Files uploaded with a php script will get user/group apache/apache (on a redhat system)
- In php 6 there is no safe mode anymore, so it is wise to start thinking about other options to implement safety.

- open_basedir is set correctly, but a little strict in httpd.include, but you can always create a vhost.conf file to adjust it yourself. It is enough to prevent scripts from opening files belonging to other users. Even more: A script can never open files outside the open_basedir, not even if they belong to that same user.

As far as security goes, look into these options
- make /tmp no-exec
- use mod_security http://www.modsecurity.org/

Regards
Jan
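
The question and answer above, as an added example that is not part of the original posts: a simplified Python model of the two PHP-level checks (the safe mode owner compare and open_basedir as directory containment), showing which one stops cross-site access when every customer shares the psacln group. The numeric uids/gids, the site2.com and uploads paths, and the open_basedir value are constructed assumptions; symlinks and OS permission bits are not modelled.

```python
import posixpath
from collections import namedtuple

Owner = namedtuple("Owner", "uid gid")
PSACLN, APACHE = 2524, 48          # hypothetical numeric gids
SITE1 = Owner(10001, PSACLN)       # constructed owner of site1.com's script
SITE2 = Owner(10002, PSACLN)       # constructed owner of a second customer's files
UPLOAD = Owner(48, APACHE)         # file created by the web server user
BASEDIR = ["/var/www/vhosts/site1.com/httpdocs", "/tmp"]  # assumed open_basedir value

def safe_mode_ok(script, target, safe_mode_gid):
    """Owner check: UID compare, relaxed to a GID compare when safe_mode_gid=On."""
    if script.uid == target.uid:
        return True
    return bool(safe_mode_gid) and script.gid == target.gid

def open_basedir_ok(path, basedirs):
    """True if the normalised path lies inside one of the allowed directory trees."""
    norm = posixpath.normpath(path)   # collapses ../ segments; symlinks not resolved
    for base in basedirs:
        base = base.rstrip("/")
        if norm == base or norm.startswith(base + "/"):
            return True
    return False

def may_open(script, path, target, basedirs=(), safe_mode=True, safe_mode_gid=False):
    """Both checks must pass; an empty basedirs means open_basedir is not set."""
    if basedirs and not open_basedir_ok(path, basedirs):
        return False
    return not safe_mode or safe_mode_ok(script, target, safe_mode_gid)

OTHER = "/var/www/vhosts/site2.com/httpdocs/config.php"
TRAVERSAL = "/var/www/vhosts/site1.com/httpdocs/../../site2.com/httpdocs/config.php"
OWN_UPLOAD = "/var/www/vhosts/site1.com/httpdocs/uploads/a.jpg"

def report():
    return {
        "uid check, no basedir": may_open(SITE1, OTHER, SITE2),
        "gid check, no basedir": may_open(SITE1, OTHER, SITE2, safe_mode_gid=True),
        "gid check + basedir": may_open(SITE1, OTHER, SITE2, BASEDIR, safe_mode_gid=True),
        "traversal + basedir": may_open(SITE1, TRAVERSAL, SITE2, BASEDIR, safe_mode_gid=True),
        "no safe mode + basedir": may_open(SITE1, OTHER, SITE2, BASEDIR, safe_mode=False),
        "own upload, gid check": may_open(SITE1, OWN_UPLOAD, UPLOAD, BASEDIR, safe_mode_gid=True),
    }

if __name__ == "__main__":
    for case, allowed in report().items():
        print(f"{case:24} -> {'allowed' if allowed else 'denied'}")
```

In this model the only case that is allowed is the GID compare without open_basedir; the last case shows a file owned by apache/apache failing both owner compares even inside the site's own tree.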
 
- files in the cgi-bin are usually perl scripts, they have nothing to do with php.
Umm... I'm not sure what it was that I said that made you bring cgi-bin into picture? Maybe safe_mode_exec_dir? It has no direct relation to cgi-bin, afaik.
- using safe_mode_gid instead of the full safe mode is sometimes not enough. files uploaded with a php script will get user/group apache/apache (on a redhat system)
Exactly, but I thought I'd be using the group-gid Linux feature, or whatever it's called when child filesystem objects inherit the group of their parent directory that has had its setgid bit set.
mod_security is way too general with regard to shared access (?), but nonetheless is a worthwhile thing.
 
It depends on the rules, shared environments are what we focus ours on. If you run into a problem with them, just let us know about it.
 