开发者

File System and security (PHP)

问答 作者:

Consider a simple file upload system written in php. User has acce开发者_Go百科ss only in admin panel. (Not FTP). He may change folder option from 707 to 755 for security issue. How can do this? Can we do this from upload script ? If yes is this a secure application?

You can use chmod for that. Every file system operation has a running risk, so consider the fact that the user might try to change the permissions of another file so you have to sanitize the input.

bool chmod  (  string $filename  ,  int $mode  )

Attempts to change the mode of the specified file to that given in mode.

we can't do while uploading a script,this is not a secure way any one can hack it. I can be done only in file uploading page code by giving chmod through ftp.

This scripts removes all the dirty stuff and also checks the white file list from the directory.If the file is exists in the dir then result will be true otherwise a hacking attempt 

function WhitePage($page) {

        $info2 = apache_lookup_uri('src/index.php?p=' . $page);

        list($arg, $val) = explode("=", $info2->args);

        $myrequest = basename(htmlspecialchars_decode($val));

        return $myrequest;
    }

    function Read_Dir($dir, $array = array()) {
        $dh = opendir($dir);
        $files = array();
        while (($file = readdir($dh)) !== false) {
            $flag = false;
            if ($file !== '.' && $file !== '..' && !in_array($file, $array)) {
                $files[] = trim($file);
            }
        }
        return $files;
    }

    function WhiteList($page = null) {
        $info2 = apache_lookup_uri('src/index.php?p=' . $page);
        list($arg, $val) = explode("=", $info2->args);
        // basename from the std class
        $myrequest = basename(htmlspecialchars_decode($val));

        $myrequest = trim($myrequest . '.php');
        //pathinfo from the std class
        $path = pathinfo($info2->filename);
        // get the files array
        $whitefiles = Read_Dir($path['dirname']);

        if (in_array($myrequest, $whitefiles, true)) {

            $res = 1;
        } else {

            $res = 0;
        }
        return $res;
    }

    // this is solution of this kind of the problems
    //$p='index.php?p=../../../../../../../../etc/passwd%00index.html';
    $p = '../../../../../../../../etc/passwd%00index.html';
    $p = WhitePage($p);
    $result = WhiteList($p);

    if ($result) {
        echo 'ok';
    } else {
        echo 'Die ,You evil hacker';
    }

It looks like you do not understand the way web-server works. It has only one system user ans there is no need to change any permissions for the site users.

To implement an ACL feature, one need a database to hold users and rights, and some manual download method implementation, a simple one (proper headers+readfile()) or one of more complicated solutions, like nginx's x_accel_redirect

继续阅读:phpsecurity

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9