Need possibility to run specific workers under different users. #1010

Open
danielniccoli opened this issue Aug 15, 2013 · 9 comments

@danielniccoli
Contributor

Workers read web data on the file system and pass it to an information source like php5-fpm.

For that reason a worker must be able to read the document-root of your vhosts, for example /var/www/vhost1/index.php. Usually you would change the group of that path to www-data or whatever uid/gid cherokee is running as. That means that you also need to change the group of vhost2, vhost3, etc. to www-data. Your webdata directory probably looks like this:

drwxr-x--- 2 www-vhost1 www-data 4.0K Aug 15 17:06 /var/www/vhost1/
drwxr-s--- 9 www-vhost2 www-data 4.0K Aug 15 15:38 /var/www/vhost2/

Here lies the problem:

<?php
    # /var/www/vhost1/readall.php

    # This returns the contents of vhost2. That's bad.
    var_dump(scandir("/var/www/vhost2"));
?>

This script will output anything that is in the document-root of any vhost. If anyone breaks into a PHP application on vhost1, he is able to read the files and database passwords of any other vhost.

@skinkie
Member

skinkie commented Aug 15, 2013

Welcome to the world of shared hosting :)

@danielniccoli
Contributor Author

Not only that. Even if you are hosting two pages, let's say WordPress and Joomla (personally, I would never use Joomla), and someone hacks your Joomla page, he is able to read and steal the MySQL passwords from your WordPress site.

@skinkie What do you think, how long would it take to add this enhancement if I help with the admin interface? Would you do it?

@skinkie
Member

skinkie commented Aug 15, 2013

This has been a problem for the last 20 years, which can only be overcome if the CGI program workers are launched in a chroot, and even then it has been proven that local exploits could still happen, because this program would need to drop privileges. Not a thing we can solve between now and tomorrow.

@danielniccoli
Contributor Author

Not sure if I understand you correctly. I am talking about the cherokee-worker process. PHP-FPM has its own workers and they are launched with the uid I tell them to. Isn't it possible to have a cherokee-worker spawned dedicated to a vhost with a certain uid? I don't even see the need to chroot anything: if just the process that reads the php-files and passes them to the php-socket runs under a certain user, that process would not be able to read e.g. /var/www/vhost2/config.php.

@skinkie
Member

skinkie commented Aug 15, 2013

You can already do this with one cherokee-worker, talking to different php processes, right? You could select in FastCGI the application servers to be used. Select a vserver specific php instance.

@danielniccoli
Contributor Author

Short question: When I visit vserver1.com/index.php, what process is reading the contents of index.php? And if in that index.php I got the following script, what process is scanning the directory vserver2?

<?php
    # /var/www/vhost1/readall.php

    # This returns the contents of vhost2. That's bad.
    var_dump(scandir("/var/www/vhost2"));
?>

@skinkie
Member

skinkie commented Aug 15, 2013

Possibly cherokee-worker to validate the file exists, the selected php-fpm worker from the balancer pane.
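
Added example, not part of the thread and not Cherokee's code: a small model of the POSIX owner/group/other check, run over the two docroots from the `ls` output in the first post, to see which process identity can list which vhost. The process names, their group memberships and the `serves` field are assumptions for illustration; root, ACLs and capabilities are ignored.

```python
import stat
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Docroot:
    path: str
    owner: str
    group: str
    mode: int  # permission bits as printed by ls -ld

@dataclass(frozen=True)
class Identity:
    name: str
    user: str
    groups: frozenset
    serves: Optional[str]  # docroot this process is meant to serve; None = all vhosts

def can_list(ident: Identity, d: Docroot) -> bool:
    """POSIX check for listing and entering a directory (needs r and x).
    Only one permission class applies: owner, else group, else other."""
    if ident.user == d.owner:
        need = stat.S_IRUSR | stat.S_IXUSR
    elif d.group in ident.groups:
        need = stat.S_IRGRP | stat.S_IXGRP
    else:
        need = stat.S_IROTH | stat.S_IXOTH
    return (d.mode & need) == need

def cross_vhost_exposure(identities, docroots):
    """Return (identity, path) pairs where a vhost-bound process can list a foreign docroot."""
    return sorted((i.name, d.path) for i in identities for d in docroots
                  if i.serves is not None and d.path != i.serves and can_list(i, d))

# Docroots as in the ls output from the first post (setgid 's' on vhost2 = 0o2750).
DOCROOTS = [
    Docroot("/var/www/vhost1", "www-vhost1", "www-data", 0o750),
    Docroot("/var/www/vhost2", "www-vhost2", "www-data", 0o2750),
]
# Process identities are assumptions for illustration, not taken from the thread.
IDENTITIES = [
    Identity("cherokee-worker", "www-data", frozenset({"www-data"}), None),
    Identity("php-fpm shared pool", "www-data", frozenset({"www-data"}), "/var/www/vhost1"),
    Identity("php-fpm vhost1 pool", "www-vhost1", frozenset({"www-vhost1"}), "/var/www/vhost1"),
    Identity("php-fpm vhost1 pool +www-data", "www-vhost1",
             frozenset({"www-vhost1", "www-data"}), "/var/www/vhost1"),
]

if __name__ == "__main__":
    for ident in IDENTITIES:
        for d in DOCROOTS:
            print(f"{ident.name:32} {d.path:18} {'list' if can_list(ident, d) else 'denied'}")
    print("cross-vhost exposure:", cross_vhost_exposure(IDENTITIES, DOCROOTS))
```

In this model a pool running as the vhost's own user without the shared group is denied on the other docroot, while any PHP process that holds the www-data group can list both.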

@skinkie
Member

skinkie commented Sep 19, 2014

My interpretation of this was actually not the "CGI" part but running multiple cherokee workers with different permissions. Are you sure you want to close this?

@danielniccoli
Contributor Author

Oops, you are right. In my excitement about that merge I got a little carried away.

@danielniccoli danielniccoli reopened this Sep 19, 2014