
So I was wondering, what steps should we take to make sure PHP daemons are safe?

One of the things that I read about was assigning the daemon to run as a user with limited privileges? But how can we do that in UNIX?

I am guessing using the useradd function but how do we make sure that user ADDED has limited privileges?

Also what other steps should we do for security when it comes to PHP daemons?

EDIT: I am using CentOS 5.5 (Linux)

MDMarra
Pota Onasys
  • Your question title is simply brilliant. – BoltClock Dec 13 '11 at 19:25
  • Telling us which distro/OS you are using would help us help you. – stew Dec 13 '11 at 19:39
  • You need to think this question through a bit -- there's a lot of missing information/details. You don't define what you mean by "safe" -- Safe from what? Being exploited by a remote user? (Write secure code!) Safe from crashing? (Write something to monitor/restart it.) You also don't define what you mean by a "php daemon" -- PHP is a **language**, so are we talking about a daemon written in PHP? (Why would you do that?) A web server daemon that executes PHP code? (Read the webserver manual and secure it properly.) Something else? – voretaq7 Dec 13 '11 at 21:16
  • @voretaq7 This is the answer. To Pota: Do code audits on the OS, the webserver and the scripts. Check if the code is safe in the way you defined "safe". – mailq Dec 13 '11 at 22:28

1 Answer


External Mandatory Access Control is the answer.

mod_apparmor is a great solution that will allow control over individual program installations and keep a security flaw in one app from trouncing all over the other. For example, you can keep a poorly written PHP script from writing files when you never expected it to. It will keep a security flaw in WordPress from allowing access to a MediaWiki install on the same machine.

Also, you can wrap Apache itself with a suitable AppArmor profile. It's really fantastic stuff. :)

If you're talking PHP daemons that are run directly instead of through Apache, then treat them like any other daemon with AppArmor.

Jeff Ferland
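
The question asks how to confirm that an account added with useradd really is limited. As an added example (not code from the original posts), this shell function audits a service account's passwd and group entries; the account name `phpdaemon`, the `useradd` invocation in the comment, and the list of privileged groups are assumptions chosen for illustration.

```shell
# Added example. Assumed account creation (run as root; "phpdaemon" is a hypothetical name):
#   useradd -r -M -s /sbin/nologin phpdaemon
# audit_service_account USER [PASSWD_FILE] [GROUP_FILE]
# Prints one finding per line; returns 0 only if the account looks limited.
audit_service_account() {
    user=$1; passwd_file=${2:-/etc/passwd}; group_file=${3:-/etc/group}
    findings=0
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "FAIL: no such account: $user"; return 1
    fi
    uid=$(echo "$entry" | cut -d: -f3)
    gid=$(echo "$entry" | cut -d: -f4)
    shell=$(echo "$entry" | cut -d: -f7)
    # UID 0 is root whatever the account is called; GID 0 is root's group.
    if [ "$uid" -eq 0 ]; then echo "FAIL: UID is 0"; findings=1; fi
    if [ "$gid" -eq 0 ]; then echo "FAIL: primary group is GID 0"; findings=1; fi
    # A daemon account needs no interactive login shell.
    case "$shell" in
        /sbin/nologin|/usr/sbin/nologin|/bin/false) ;;
        *) echo "FAIL: login shell is '$shell'"; findings=1 ;;
    esac
    # Supplementary membership in admin groups widens what the daemon can reach.
    for g in root wheel adm disk; do
        if awk -F: -v g="$g" -v u="$user" '
            $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) hit = 1 }
            END { exit !hit }' "$group_file"; then
            echo "FAIL: member of group '$g'"; findings=1
        fi
    done
    if [ "$findings" -eq 0 ]; then echo "OK: $user is a limited account"; fi
    return "$findings"
}

# Constructed sample data, not taken from a real system.
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
phpdaemon:x:101:101::/:/sbin/nologin
webjob:x:500:500::/home/webjob:/bin/bash
EOF
cat > "$sample_dir/group" <<'EOF'
wheel:x:10:root,webjob
phpdaemon:x:101:
EOF
audit_service_account phpdaemon "$sample_dir/passwd" "$sample_dir/group"
audit_service_account webjob "$sample_dir/passwd" "$sample_dir/group" || echo "webjob is not limited"
```

The function inspects account database entries only; sudoers rules and the files the account can write to need a separate review.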