Secure against c99 and similar shells

Posted by Amit Sonnenschein on Server Fault
Published on 2012-12-05T10:54:38Z Indexed on 2012/12/05 11:07 UTC

I'm trying to secure my server as much as I can without limiting my options, so as a first step I've prevented dangerous functions with PHP:

disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode" 

But I'm still fighting directory travel. I can't seem to be able to limit it; by using a shell script like c99 I can travel from my /home/dir to anywhere on the disc.

How can I limit it once and for all?
