Mitigate the Security Risks of PHP System Command Execution
Jan 29, 2010, 07:33 (1 Talkback[s])
(Other stories by W. Jason Gilmore)
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
"The risks of not properly vetting operating system commands
initiated through a PHP script are no less severe! With this in
mind, before jumping into a few examples it's worth taking a moment
to understand how this particular feature can pose a significant
security risk to not only your web site, but also to the stability
of the entire web server.
"When PHP is installed as an Apache module, it operates on
behalf of the system user (which has assumed ownership of the
Apache daemon). This means that when PHP executes an operating
system command, the Apache daemon owner carries out that command.
Therefore, any permissions assigned to the Apache daemon owner are
applied when executing this command. Some improperly configured
servers actually run Apache using the root user, meaning an errant
PHP script could conceivably delete large parts of the operating
system and any data stored within! Even in the more likely case of
your server operating on behalf of a non-root user, the security
risks remain nonetheless severe."