11/3/2022 0 Comments Cpanel magic revision![]() ![]() #Cpanel magic revision plusUbuntu 14.04.5 LTS (as opposed to Debian 8.1)Īpache 2.4.7 (Ubuntu) (as opposed to 2.4.10, default config plus VirtualHosts) I restarted apache, accessed first and then but both displayed their proper "bad" and "good" texts respectively. I used the same exact two VirtualHosts, directory tree, and file contents. With that said I'm unable to replicate this using michal_micko's instructions for mod_php and open_basedir configurations. kmark937 at gmail dot com I'm concerned about this issue since it has the potential to be a security deal-breaker for Zend OPcache when used on (as an example) a shared-hosting platform. After web server restart just run bad app2 as first. ![]() Vendor/autoload.php (same app1 and app2): Php_admin_value open_basedir /var/www/app2Įxample - PHP apps - typical using with composer (dummy): Options Indexes FollowSymLinks MultiViews Php_admin_value open_basedir /var/www/app1 With XCache Coverager v3.2.0, Copyright (c) 2005-2014, by mOo With XCache Cacher v3.2.0, Copyright (c) 2005-2014, by mOo With XCache Optimizer v3.2.0, Copyright (c) 2005-2014, by mOo With Xdebug v2.2.5, Copyright (c) 2002-2014, by Derick Rethans With Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies michal_micko at centrum dot cz I replicate this problem with two VirtualHosts (using open_basedir). (last revision 15:37 UTC by revision 11:21 UTC by revision 10:35 UTC by php-dev at coydogsoftware dot net) Users can access other users' files when previously accessed by opcache cross chroots and ignoring filesystem permissions. Users can only access their own files (when configured correctly). # being served by user two from a different chroot while user two doesnt even # That's the content of /one.php which is owned by user one, in its own chroot etc/php5/fpm/pool.d/2.conf:chroot = /home/two etc/php5/fpm/pool.d/1.conf:chroot = /home/one # FPM processes also run chrooted into the grep -r "chroot " /etc/php5/fpm/pool.d/ # FPM processes are configured to run as the grep -r "user =" /etc/php5/fpm/pool.d/ ![]() # This file tries to include the non-existent "/one.php" in its cat two/two.php # one.php just sets a single cat one/one.php # Permissions on both directories and files are set to rwx for user ls -l. ![]() It'd be neat if opcache could implement a runtime config variable to give to an interpreter with a value that mashes up the key by prefixing or xor'ing it without the possibility of being overwritten from within the script.Īlternatively it might be possible to use different parts of shm based on a configuration option so the cache is per-user. The file that was accessed on this path first will be stored by opcache and be used by any interpreters executing the same file later on.Įven without a chroot it is often easy to predict where files of another user on the same server will be located and they can still be included circumventing any file permissions set on these files even if PHP executes as the correct user (made even more trivial to figure out interesting files if access to the opcache_get_status() function is not restricted by the host).Įxample is in the "test script" below which shortly shows my relevant config lines. #Cpanel magic revision fullWhen turning on opcache in commonly used hosting environments where users are chrooted it is very easy to get key collissions as the full path of a file in a chroot can commonly be /wp-config.php. PHP's opcache seems to create keys for files it caches based on their filepath (including the cwd when the option e_cwd is set). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |