From owner-freebsd-isp@FreeBSD.ORG Thu Jul 28 10:22:48 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C20616A41F for ; Thu, 28 Jul 2005 10:22:48 +0000 (GMT) (envelope-from nospam@mgedv.net) Received: from mgedv.at (www.mgedv.at [195.3.87.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id BDCDC43D4C for ; Thu, 28 Jul 2005 10:22:47 +0000 (GMT) (envelope-from nospam@mgedv.net) Received: from metis (localhost [127.0.0.1]) by mgedv.at (SMTPServer) with ESMTP id 80B27186800 for ; Thu, 28 Jul 2005 12:22:46 +0200 (MEST) From: "mdff" To: Date: Thu, 28 Jul 2005 12:22:46 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.6353 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 Thread-Index: AcWSIuDrNUlNP3QNQF+deNiPsvpjggBOB5vQ In-Reply-To: <42E6A0B2.1030308@chef-ingenieur.de> Message-Id: <20050728102246.80B27186800@mgedv.at> Subject: RE: preventing a user to start a process X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: nospam@mgedv.net List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jul 2005 10:22:48 -0000 > > Although jailing is a good thing, I don't think it will > prevent unwanted > > processes to be spawned, if php allows it. And having writable > > directories mounted noexec doesn't help much either, > because one can > > just run: > > /usr/bin/sh /path/to/writable/dir/script.sh > > mount-man-page: noexec Do not allow execution of any binaries on the mounted file system. This option is useful for a server that has file systems containing binaries for architectures other than its own. tried this as root: # h_dir=/test; h_sh=/tmp/foo-test.sh # mkdir $h_dir # mdmfs -M -S -o noexec,async -s 16m md1 $h_dir && mount|grep $h_dir /dev/md1 on /test (ufs, asynchronous, local, noexec) # cp -p /bin/date $h_dir # echo "#!/bin/sh" >$h_sh # echo "\$SHELL -c $h_dir/date" >>$h_sh # $h_sh /test/date: Permission denied. so i believe this is not really dangerous (chrooted of course) but theres another issue, what if someone stores a malicious php-script that opens sockets? you don't really need to write C-deamons, if you can use php... there should be at least a firewall blocking outgoing packets from ports where no daemons are normally running. and restrictions on php's options and possibilities, too...