Security issues of running PHP scripts as the owner of the PHP file with suexec
Posted
by thomasrutter
on Server Fault
See other posts from Server Fault
or by thomasrutter
Published on 2010-05-10T06:56:59Z
Indexed on
2010/05/11
6:14 UTC
Read the original article
Hit count: 344
I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users.
However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web server can also write to user's files.
So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website.
How can I deal with this?
One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.
© Server Fault or respective owner