Reputation: 15099
I have an Amazon ec2 instance (linux).
I'd like you (yes, you) to be able to upload a PHP file and then serve it live on www.mydomain.com/yourname. I'd also like to be able to do this for numerous other people (www.mydomain.com/theirname).
I'm worried that you (or they, let's not point fingers) could do malicious things (purposefully or accidentally). For example, an infinite loop, reading/writing outside of one's root directory, taking the server down, running system commands, etc. This is what I would try if I wanted to be malicious.
Is there any way to set up PHP/apache/user permissions, or maybe search through their code before serving it, so that being malicious would at least be much, much harder?
Upvotes: 1
Views: 138
Reputation: 62394
Among other things, you'll definitely want to adjust your PHP.ini to include this:
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
This will prevent the execution of those functions within any PHP files that utilize this .ini.
I would also enable open_basedir support to lock down users to within their own directories so they can't use something like:
require_once '../../another_user/index.php';
or
$notMyFile = file_get_contents('../../another_user/config.php');
Upvotes: 8
Reputation: 150108
Have a look at Runkit Sandbox
Instantiating the Runkit_Sandbox class creates a new thread with its own scope and program stack. Using a set of options passed to the constructor, this environment may be restricted to a subset of what the primary interpreter can do and provide a safer environment for executing user supplied code.
http://php.net/manual/en/runkit.sandbox.php
Keep in mind that any resources you provide to a sandboxed environment can and eventually will be abused. If users should not be able to affect each other's results, for example, and you do provide users with a database, give each a different database in their sandbox with different credentials.
Upvotes: 1
Reputation: 6536
There's no bulletproof way of doing this.
First of all, no syscalls.
Secondly, timeout for each script.
And, you'll probably also want to keep an outside "quit button" in your hands so you can pull the plug if you see something going wrong.
PHP is a very large language, and having others run code on your server is a very difficult thing to do safely.
Upvotes: 5
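The following is an added example, not code from the question or from any of the answers above. It puts the pieces the two answers describe (the disable_functions list and open_basedir from the first answer, the per-script timeout from the last one) into one php-fpm pool file per hosted user, so that each user's scripts run under their own OS account as well as their own PHP restrictions. The user name `yourname`, the directory and socket paths, the 10-second limit and the 64M memory cap are assumptions; the disable_functions list is the one given in the first answer.

```ini
; Added example: one php-fpm pool per hosted user (file name is an assumption,
; e.g. /etc/php-fpm.d/yourname.conf). Repeat the block with a different user
; name, socket and directory for each additional person.
[yourname]

; Run this user's scripts as a dedicated OS account. Combined with normal
; file permissions (0750 on /var/www/users/yourname, owned by yourname),
; this isolates users even if open_basedir were ever bypassed.
user = yourname
group = yourname

; The web server talks to this pool over its own socket; only the web
; server account (www-data here, an assumption) may connect to it.
listen = /run/php-fpm/yourname.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

; Cap how many worker processes one user can occupy, so a runaway script
; (or a flood of requests to it) cannot starve the other users.
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s

; Hard stop enforced by the php-fpm master process: a request running longer
; than this is killed regardless of what the script is doing (sleep(),
; blocking I/O, etc.), which max_execution_time alone does not cover.
request_terminate_timeout = 10s

; php.ini directives scoped to this pool. The php_admin_* form cannot be
; changed from inside a script with ini_set() or from a .user.ini file.
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

; Colon-separated list of directories this user's scripts may open.
; The temp/session paths below must be inside it or file uploads and
; sessions will fail with open_basedir errors.
php_admin_value[open_basedir] = /var/www/users/yourname:/tmp/yourname
php_admin_value[upload_tmp_dir] = /tmp/yourname
php_admin_value[session.save_path] = /tmp/yourname

; Per-script CPU-time limit (seconds of PHP execution) and memory ceiling.
php_admin_value[max_execution_time] = 10
php_admin_value[memory_limit] = 64M

; Stop scripts from fetching or including remote URLs.
php_admin_flag[allow_url_fopen] = off
php_admin_flag[allow_url_include] = off
```

On the Apache 2.4 side, with mod_proxy_fcgi loaded, a `<Directory /var/www/users/yourname>` block containing `SetHandler "proxy:unix:/run/php-fpm/yourname.sock|fcgi://localhost/"` inside a `<FilesMatch "\.php$">` routes that user's scripts to their pool (the paths are the same assumptions as above). Two points worth checking after deploying: `php_admin_value[]` is applied when the pool starts, so changes need a php-fpm reload, and the `/tmp/yourname` directory has to exist and be writable by the `yourname` account before the first request. Removing a pool file and reloading php-fpm is the "quit button" for one user that the last answer asks for, without taking the other users offline.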