开发者

How secure (hardened) is this script (part 2)

In my previous question on this topic, what would the implications be if I removed the dynamic variable and instead replaced it with a static one like you see below...

    $source = 'http://mycentralserver.com/protected/myupdater.zip';

I've included the code below for convenience...

<?php
// TEST.PHP

$source = 'http://mycentralserver.com/protected/myupdater.zip';
$target = '.';

$out_file = fopen(basename($source), 'w');
$in_fi开发者_C百科le = fopen($source, 'r');
while ($chunk = fgets($in_file)) {
    fputs($out_file, $chunk);
}
fclose($in_file);
fclose($out_file);

$zip = new ZipArchive();
$result = $zip->open(basename($source));
if ($result) {
    $zip->extractTo($target);
    $zip->close();
}

?>


You should at least be hashing the zip with SHA-1 and checking it against a digest to ensure it hasn't changed. These digests should be extremely hard to replace.

I still think automated updates are a bit iffy.


PHP 5.2.6 and older had a vulnerability that allowed writing to arbitrary locations via Zip's extractTo() -method.

See: http://www.securityfocus.com/bid/32625

So, if the contents of the zip are untrustworthy, you must use PHP 5.2.7 or newer (or use your own Zip parser).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜