<p>Let me start with a little story: back when I was a security contact at a Linux distribution vendor, the PHP security team begged Linux vendors to stop calling interpreter crashes <em>security bugs</em>, even when the PHP interpreter was running <em>inside</em> the web server (say, <code>mod_php</code> on Apache). (At the time, roughly one interpreter crash was being found per week.)</p> <p>It took a little bit of conversation for them to actually convince us that whoever supplied the running PHP code is completely trusted and any attempt to control what the scripts <em>could</em> do from the interpreter was misguided -- and if someone figured out how to crash the interpreter to walk around the restrictions it tried to impose (such as the <a href="http://php.net/manual/en/features.safe-mode.php" rel="noreferrer">entire silly safe mode pile of crap</a>), it was <em>not</em> a security flaw, because the safe execution of scripts was <em>not</em> the goal of the PHP interpreter -- it never was and never would be.</p> <p>I'm actually pretty happy with the end result of the discussions -- it clearly defined PHP's security goals: you should only ever allow execution of PHP code that you 100% completely trust. If you do not trust it, you do not run it. It's that simple.</p> <p>Whatever operating system resources are available to the interpreter are <em>all</em> available and fair game, regardless of whether the script exploits a bug in the interpreter or just does something unexpected.</p> <p>So, please do not allow random code to be executed in the context of your webserver unless that is what you <em>really</em> want.</p> <p>Please use the <a href="http://en.wikipedia.org/wiki/Principle_of_least_privilege" rel="noreferrer">principle of least privilege</a> to guide what resources are available to every program.</p> <p>Consider using a <a href="http://en.wikipedia.org/wiki/Mandatory_access_control" rel="noreferrer">mandatory access control</a> tool such as <a href="http://wiki.ubuntu.com/AppArmor/" rel="noreferrer">AppArmor</a>, <a href="http://en.wikipedia.org/wiki/Security-Enhanced_Linux" rel="noreferrer">SELinux</a>, <a href="http://tomoyo.sourceforge.jp/index.html.en" rel="noreferrer">TOMOYO</a>, or <a href="http://schaufler-ca.com/" rel="noreferrer">SMACK</a> to further confine what your programs can and can't do. I've worked on the AppArmor project since 2001 or so and am fairly confident that with a day's effort most system administrators can enhance their site's security in a meaningful way with AppArmor. Please evaluate several options, as the different tools are designed around different security models -- one or another may be a better fit.</p> <p>But whatever you do, please don't run your server in a fashion that needlessly opens it up to attack via extra vectors.</p>
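<p>To make the answer's two recommendations concrete (least privilege for the process that runs PHP, enforced with a mandatory access control tool), here is an added example of an AppArmor profile for an Apache instance with <code>mod_php</code>. It is not from the answer's author or from the AppArmor project; the paths follow a Debian/Ubuntu-style layout and are assumptions. The point it illustrates is the one above: whatever the interpreter can reach is fair game, so the profile is what decides the blast radius of a bad script or a crashed interpreter. The document root is readable but not writable, the upload directory is writable but nothing in it may be executed, and the only way to run PHP at all is as part of the confined Apache process.</p>

```apparmor
# Added example, not the answer's or the AppArmor project's own profile.
# Hypothetical profile for /usr/sbin/apache2 with mod_php loaded.
# Would live at /etc/apparmor.d/usr.sbin.apache2 (assumed path).
#include <tunables/global>

/usr/sbin/apache2 {
  # Shared libraries, locale data, /dev/null, etc.
  #include <abstractions/base>
  # DNS / NSS lookups so name resolution keeps working.
  #include <abstractions/nameservice>

  # Bind port 80/443 as root, then drop to www-data.
  capability net_bind_service,
  capability setuid,
  capability setgid,
  network inet stream,
  network inet6 stream,

  # The binary and its modules (mod_php's .so among them): map+read only.
  /usr/sbin/apache2 mr,
  /usr/lib/apache2/modules/*.so mr,

  # Configuration for Apache and PHP (assumed paths): read only.
  /etc/apache2/** r,
  /etc/php/** r,

  # Document root: PHP code is read, never written. A script that
  # manages to write here could plant new code, so no 'w' at all.
  /var/www/html/** r,

  # User uploads: writable, but explicitly not executable or mappable,
  # so an uploaded binary or script cannot be run by this process.
  owner /var/www/uploads/** rw,
  deny /var/www/uploads/** x,
  deny /var/www/uploads/** m,

  # Runtime state and logs (assumed paths): append/write only as needed.
  /run/apache2/** rwk,
  /var/log/apache2/*.log w,
  owner /tmp/** rw,

  # Entropy for session IDs.
  /dev/urandom r,

  # Things a web process has no business touching; 'audit' makes the
  # attempt show up in the kernel log so you see the script misbehaving.
  audit deny /etc/shadow r,
  audit deny /home/** rw,
  audit deny /root/** rw,
}
```

<p>Load it with <code>apparmor_parser -r /etc/apparmor.d/usr.sbin.apache2</code>, start in complain mode with <code>aa-complain /usr/sbin/apache2</code> while exercising the site, watch the kernel log (<code>dmesg</code> or <code>journalctl -k</code>) for <code>apparmor="ALLOWED"</code> entries you did not expect, and only then switch to <code>aa-enforce</code>; <code>aa-status</code> confirms which mode the profile is in. Anything not listed is denied by default, so the profile is also a written-down statement of what the PHP scripts are allowed to do, which is the least-privilege question the answer asks you to settle before trusting the code you run.</p>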