On 28.10.2013 20:49, Michael Orlitzky wrote:
On 10/28/2013 03:14 PM, Douglas Mortensen wrote:
If a customer has vulnerable PHP code on a website, some of these will allow a remote file upload. I have seen cases where they upload a PHP script that is a sort of web-based console/shell to the server (file-system, etc.). It provides several tools which all run through the uploaded PHP script to try to brute force and do other attacks. I've seen attempts at a root exploit. We've never had a root exploit, and any such case of a customer's site being hacked has been easily contained by simple filesystem permissions being correct (and the fact that we have Apache set up to run all scripts as the user who owns the script files, which confines the script to that user's permissions). Still, nobody loves the idea of bad guys trying to hack on your box.
If an attacker gets root, the entire exercise is pointless, because he can get the decryption key. So you "don't have to worry" about that case =)
A suggestion, not dovecot-related:
The web users -- in our case, www.example.com -- shouldn't have access to anything outside of the web root. You can achieve this within PHP by placing everything that the website will need under one directory, and setting (in apache):
    php_admin_value open_basedir      /var/www/$domain/$host/
    php_admin_value upload_tmp_dir    /var/www/$domain/$host/tmp
    php_admin_value session.save_path /var/www/$domain/$host/tmp
    php_admin_value sys_temp_dir      /var/www/$domain/$host/tmp
oh no - do *not* place the session data anywhere inside open_basedir. This is one of the worst things you can do, because any otherwise harmless script that has bypassed whatever security restriction will be able to read *any* session data
but hey, PHP upstream also had no clue about session security a few years ago
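To make the two positions above concrete, here is an added example (not from either mail in this thread) of the per-vhost PHP settings as they would look the weak way and the hardened way. It follows the layout from Michael's mail but with the placeholders filled in; the paths under /var/www/example.com/www/ and /var/lib/php/sessions/, and the hypothetical vhost owner www-example, are assumptions. It also assumes that a session.save_path fixed with php_admin_value in the server config is honoured by the files save handler even though it lies outside open_basedir, and that php_admin_value keeps scripts from changing it with ini_set()/session_save_path(); verify both on your PHP version before relying on them.

```apache
# Added example. Both fragments go inside the vhost's <VirtualHost> block;
# they are alternatives, use ONE of them. Paths and the owner "www-example"
# are hypothetical.

# --- Alternative A (weak): session files inside open_basedir --------------
# Any script on this vhost, including an uploaded web shell, can list and
# read every visitor's session file with plain file functions, because the
# session directory is inside the area open_basedir allows.
    php_admin_value open_basedir      /var/www/example.com/www/
    php_admin_value upload_tmp_dir    /var/www/example.com/www/tmp
    php_admin_value sys_temp_dir      /var/www/example.com/www/tmp
    php_admin_value session.save_path /var/www/example.com/www/tmp

# --- Alternative B (hardened): session files outside open_basedir ---------
# The save handler is configured by the admin and (assumption, see lead-in)
# still reads and writes this directory, while scripts on the vhost cannot
# open(), glob() or scandir() it: any such attempt fails the open_basedir
# check. php_admin_value also locks the setting, so a script cannot repoint
# the handler at a readable directory with ini_set()/session_save_path().
# Because scripts run as the owning user (as in Douglas' setup), the
# directory is owned by that uid and mode 0700, created for example with:
#   install -d -o www-example -g www-example -m 0700 \
#       /var/lib/php/sessions/www.example.com
    php_admin_value open_basedir        /var/www/example.com/www/
    php_admin_value upload_tmp_dir      /var/www/example.com/www/tmp
    php_admin_value sys_temp_dir        /var/www/example.com/www/tmp
    php_admin_value session.save_handler files
    php_admin_value session.save_path   /var/lib/php/sessions/www.example.com
```

A quick check after switching to alternative B: drop a throwaway script into the vhost that calls session_start() and then var_dump(glob(ini_get('session.save_path') . '/sess_*')). With alternative A it prints the list of session files; with alternative B session_start() still succeeds (a new sess_* file appears in /var/lib/php/sessions/www.example.com) but the glob() fails with an open_basedir restriction warning, which is exactly the separation the reply above asks for. Remove the test script afterwards.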