Securing Apache server against slightly untrusted PHP code?

Question

I have an unusual situation where I need multiple users to be able to upload and execute PHP code on my Apache server, but I cannot allow one user to access another user's PHP source (if concrete examples make you feel better, imagine I'm hosting a PHP programming competition).

Here's what I have so far in the PHP.ini:

disable_functions = readfile, fpassthru, file, file_get_contents, 
 system, fopen, symlink, rename, copy, exec, passthru, pcntl_exec, 
 backtick_operator, shell_exec, popen, proc_open

What other functions would I need to add to this list, to prevent PHP code from accessing local files (and hence other PHP source?)?

score 1 · Answer 1 · answered Jan 03 '10 at 11:03

Please also take a look at http://www.suphp.org/ which executes PHP scripts with user permissions, instead of the user the webserver is running as. If you make sure the webserver can read the directory (but not necessarily the PHP file itself), then it will be able to execute these files with user permissions. Other users should not be able to read or access them in this case. This should be a more graceful and secure way of handling this.

score 0 · Answer 2 · answered Dec 20 '09 at 04:07

0

Sounds like you need to enable PHP's Safe Mode, this will disable all of relevent functions.

(Note this has been depreacited in 5.3 & removed in PHP6)

answered Dec 20 '09 at 04:07

Jon Rhoades

643

score 0 · Answer 3 · answered Dec 28 '09 at 08:46

0

Rather than trying to handle this within PHP, I'd step up a layer or two, and use Apache + unix accounts to segregate things - for instance, using suexec to keep the user's processes separate.

answered Dec 28 '09 at 08:46

James Polley

6,790

Securing Apache server against slightly untrusted PHP code?

3 Answers3