2

I'm trying to secure my server as much as i can without limiting my options, so as a first step i've prevented dangerous functions with php

disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode" 

but i'm still fighting directory travel, i can't seems to be able to limit it, by using a shell script like c99 i can travel from my /home/dir to anywhere on the disc.

how can i limit it once and for all ?

1 Answers1

3

I'm trying to secure my server as much as i can without limiting my options

. . . Well that won't be very secure now, will it?
You can't secure a system by putting little bits of chewing gum over the holes you've stumbled on. You're looking at security the wrong way if you think that's the right approach.
Like Michael Hampton said, you need to start by writing secure code.


but i'm still fighting directory travel, i can't seems to be able to limit it … how can i limit it once and for all ?

chroot the web server. That's the only solution.
Any other steps you take are chewing gum plugging a hole - If you want to make sure malicious users can't get at anything sensitive lock them in a box that contains nothing sensitive and don't let them out.

voretaq7
  • 79,879
  • 17
  • 130
  • 214