Need possibility to run specific workers under different users. #1010
Comments
Welcome to the world of shared hosting :)
Not only that. Even if you are hosting two pages, let's say Wordpress and Joomla (personally, I would never use Joomla) and someone hacks your Joomla page, he is able to read and steal the MySQL-Passwords from your Wordpress site. @skinkie How long do you think it would take to add this enhancement, if I help with the admin interface? Would you do it?
This has been a problem for the last 20 years, which can only be overcome if the CGI program workers are launched in a chroot, and even then it has been proven that local exploits could still happen, because this program would need to drop privileges. Not a thing we can solve between now and tomorrow.
Not sure if I understand you correctly. I am talking about the cherokee-worker process. PHP-FPM has its own workers and they are launched with the uid I tell them to. Isn't it possible to have a cherokee-worker, spawning dedicated to a vhost with a certain uid? I don't even see the need to chroot anything if just the process that reads the php-files and passes them to the php-socket runs under a certain user, that process would not be able to read e.g. /var/www/vhost2/config.php
You can already do this with one cherokee-worker, talking to different php processes right? You could select in FastCGI the application servers to be used. Select a vserver specific php instance.
Short question: When I visit vserver1.com/index.php, what process is reading the contents of index.php? And if in that index.php I got the following script, what process is scanning the directory vserver2?
<?php
# /var/www/vhost1/readall.php
# This returns the content of vhost2. That's bad.
echo var_dump(scandir("/var/www/vhost2"));
?>
Possibly cherokee-worker to validate the file exists, the selected php-fpm worker from the balancer pane.
My interpretation of this was actually not the "CGI" part but running multiple cherokee workers with different permissions. Are you sure you want to close this?
Oops, you are right. In my excitement about that merge I got a little carried away.
Workers read web data on the file system and pass it to an information source like php5-fpm. For that reason a worker must be able to read the document-root of your vhosts, for example /var/www/vhost1/index.php. Usually you would change the group of that path to www-data or whatever uid/gid cherokee is running as. That means that you also need to change the group of vhost2, vhost3, etc. to www-data. Your webdata directory probably looks like this:
Here lies the problem:
This script will output anything that is in the document-root of any vhost. If anyone breaks into a PHP application on vhost1, he is able to read the files and database passwords of any other vhost.
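The cross-vhost exposure described in this issue can be checked from file mode bits alone. The following audit is an added example, not code from the issue or from Cherokee; the sample tree, the uid and gid values and all function names are constructed assumptions. It lists which files in one vhost's document root are readable by another vhost's PHP identity, first when both share a group such as www-data and then when each vhost has its own group.

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet the kernel applies to (uid, gids): owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def exposed_files(docroot, uid, gids):
    """Files under docroot that (uid, gids) could open for reading.
    Mode bits only: ACLs, capabilities and uid 0 are not modelled."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        if not class_bits(os.stat(dirpath), uid, gids) & 1:
            dirnames[:] = []          # no search bit: nothing below is reachable
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            if class_bits(os.stat(path), uid, gids) & 4:
                hits.append(os.path.relpath(path, docroot))
    return sorted(hits)

def build_sample():
    """Constructed stand-in for /var/www/vhost2; returns (path, owner uid, gid)."""
    root = tempfile.mkdtemp(prefix="vhost2-")
    for name, mode in (("config.php", 0o640), ("index.php", 0o644)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("<?php /* constructed sample */ ?>\n")
        os.chmod(path, mode)
    os.chmod(root, 0o751)
    st = os.stat(root)
    return root, st.st_uid, st.st_gid

def demo():
    root, owner, gid = build_sample()
    other = owner + 1                      # hypothetical uid of the vhost1 PHP pool
    shared = exposed_files(root, other, {gid})        # pool is in the shared group
    isolated = exposed_files(root, other, {gid + 1})  # pool has its own group
    return shared, isolated

if __name__ == "__main__":
    print(demo())
```

With a shared group the other pool can read config.php; with per-vhost groups only the world-readable index.php remains visible, so the "other" bits still need review.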