sullise said: Whatever...until someone can post a working patch, I'm not going to worry about this. So far all the replies here have been cryptic.
ecsportal said: Just do as Wael suggested. Installing hardened-php works just fine.
sullise said: Whatever...until someone can post a working patch, I'm not going to worry about this. So far all the replies here have been cryptic.
HH-Steve said: I wouldn't say cryptic. If you set safe mode to On in php.ini it fixes it. If this breaks something I'm guessing that means safe mode wasn't enabled anyway so you don't need to update anything.
Steve
cd /usr/local/directadmin/data/templates
cp virtual_host*.conf custom
cd custom
perl -pi -e 's/#php_admin_value open_basedir/php_admin_value open_basedir/' virtual_host*.conf
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
disable_functions
disable_functions = ini_restore
service httpd restart
perl -pi.bak -e 's/#php_admin_value open_basedir/php_admin_value open_basedir/' virtual_host*.conf
I can vouch that this is working for us. We run php 4.4.4 with "open_basedir" and are using "disable_function = ini_restore". We ran the exploit and here are the results:
Can someone possibly try and confirm if open_basedir is working on 4.4.4 or not? I submitted a bug report but they rejected it for a cosmetic reason.
0/home/myuser/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/
Warning: main() [function.main]: open_basedir restriction in effect. File(/etc/passwd) is not within the allowed path(s): (/home/myuser/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/) in /home/myuser/domains/domain.com/public_html/mytest.php on line 7
Warning: main(/etc/passwd) [function.main]: failed to open stream: Operation not permitted in /home/myuser/domains/domain.com/public_html/mytest.php on line 7
Warning: main() [function.main]: open_basedir restriction in effect. File(/etc/passwd) is not within the allowed path(s): (/home/myuser/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/) in /home/myuser/domains/domain.com/public_html/mytest.php on line 7
Warning: main(/etc/passwd) [function.main]: failed to open stream: Operation not permitted in /home/myuser/domains/domain.com/public_html/mytest.php on line 7
Warning: main() [function.include]: Failed opening '/etc/passwd' for inclusion (include_path='.:/usr/local/lib/php/') in /home/myuser/domains/domain.com/public_html/mytest.php on line 7
Warning: ini_restore() has been disabled for security reasons in /home/myuser/domains/domain.com/public_html/mytest.php on line 9
Warning: ini_restore() has been disabled for security reasons in /home/myuser/domains/domain.com/public_html/mytest.php on line 11
0/home/myuser/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/
Warning: main() [function.main]: open_basedir restriction in effect. File(/etc/passwd) is not within the allowed path(s): (/home/myuser/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/) in /home/myuser/domains/domain.com/public_html/mytest.php on line 17
Warning: main(/etc/passwd) [function.main]: failed to open stream: Operation not permitted in /home/myuser/domains/domain.com/public_html/mytest.php on line 17
Warning: main() [function.main]: open_basedir restriction in effect. File(/etc/passwd) is not within the allowed path(s): (/home/myuser/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/) in /home/myuser/domains/domain.com/public_html/mytest.php on line 17
Warning: main(/etc/passwd) [function.main]: failed to open stream: Operation not permitted in /home/myuser/domains/domain.com/public_html/mytest.php on line 17
Warning: main() [function.include]: Failed opening '/etc/passwd' for inclusion (include_path='.:/usr/local/lib/php/') in /home/myuser/domains/domain.com/public_html/mytest.php on line 17
kke said: This can be fixed in 3 ways
1. Patch php (best way)
2. disable_function = ini_restore (some scripts using this function may display a warning)
3. safe_mode=on in main php.ini (what I do)
As we know, DA has a safe_mode php flag in every virtual host directive to control safe_mode on/off, so setting safe_mode=on in php.ini will not affect them. This will affect only the main domain (server domain and calls by IP), but it's easy to fix this.
Here are my steps
First we set safe_mode on in php.ini
1. Edit /usr/local/lib/php.ini >> safe_mode=on
Then we solve its effect by adding the safe_mode flag to the vhost of the server root, and fix the aliases that are called from user domains
2. Edit /etc/httpd/conf/httpd.conf
#alias /phpmyadmin /var/www/html/PhpMyAdmin
#alias /phpMyAdmin /var/www/html/phpMyAdmin
redirect /phpmyadmin http://ip.ip.ip.ip/pma
redirect /phpMyAdmin http://ip.ip.ip.ip/pma
#alias /webmail /var/www/html/webmail
redirect /webmail http://ip.ip.ip.ip/uebimiau
#alias /squirrelmail /var/www/html/squirrelmail
redirect /squirrelmail http://ip.ip.ip.ip/squirrel
<VirtualHost ip.ip.ip.ip:80>
ServerAdmin [email protected]
AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
DocumentRoot /var/www/html
ServerName localhost
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
CustomLog /var/log/httpd/homedir.log homedir
<Directory /var/www/html>
Options +Includes -Indexes
php_admin_flag engine ON
php_admin_flag safe_mode OFF
</Directory>
php_admin_value open_basedir /tmp:/var/www/:/usr/local/lib/php/:/etc/virtual/
</VirtualHost>
<VirtualHost ip.ip.ip.ip:443>
ServerName localhost
ServerAdmin [email protected]
AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
DocumentRoot /var/www/html
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
CustomLog /var/log/httpd/homedir.log homedir
<Directory /var/www/html>
Options +Includes -Indexes
php_admin_flag engine ON
php_admin_flag safe_mode OFF
</Directory>
php_admin_value open_basedir /tmp:/var/www/:/usr/local/lib/php/:/etc/virtual/
</VirtualHost>
3. Correct the paths to match the redirects
cd /var/www/html
ln -s squirrelmail-version-????? squirrel
ln -s webmail uebimiau
ln -s phpMyAdmin-version-???? pma
4. Restart httpd
0/home/myuser/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/
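A way to check, after applying the steps in this thread, that `ini_restore` is listed in the active `disable_functions` line and that no vhost template still has `open_basedir` commented out. This is an added example, not code posted by anyone in the thread; the function names and the sample files it builds are constructed for illustration, and it only inspects the config text, not what the running httpd has loaded.

```shell
#!/bin/sh
# Added example: audit the two settings discussed in this thread.

# Exit 0 if the last active disable_functions line in php.ini ($1)
# lists ini_restore. Lines starting with ';' are php.ini comments.
ini_restore_disabled() {
    grep -E '^[[:space:]]*disable_functions[[:space:]]*=' "$1" | tail -n 1 |
        cut -d= -f2- | tr -d ' \t"' | tr ',' '\n' | grep -qx 'ini_restore'
}

# Print every virtual_host*.conf under directory $1 that has no active
# "php_admin_value open_basedir" line (for example, still '#'-commented).
vhosts_without_open_basedir() {
    for f in "$1"/virtual_host*.conf; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*php_admin_value[[:space:]]+open_basedir[[:space:]]' "$f" ||
            printf '%s\n' "$f"
    done
}

# Constructed sample files (not taken from a real server).
make_samples() {
    d=$(mktemp -d)
    mkdir "$d/custom"
    printf '%s\n' '; sample php.ini' ';disable_functions = exec' \
        'disable_functions = "ini_restore, dl"' > "$d/php.ini"
    printf '%s\n' 'disable_functions =' > "$d/php-weak.ini"
    printf '%s\n' '<VirtualHost ip.ip.ip.ip:80>' \
        '    php_admin_value open_basedir /home/myuser/:/tmp/' \
        '</VirtualHost>' > "$d/custom/virtual_host.conf"
    printf '%s\n' '<VirtualHost ip.ip.ip.ip:80>' \
        '    #php_admin_value open_basedir /home/myuser/:/tmp/' \
        '</VirtualHost>' > "$d/custom/virtual_host_sub.conf"
    echo "$d"
}

d=$(make_samples)
for ini in "$d/php.ini" "$d/php-weak.ini"; do
    if ini_restore_disabled "$ini"; then
        echo "OK    $ini"
    else
        echo "WEAK  $ini: ini_restore is not in disable_functions"
    fi
done
vhosts_without_open_basedir "$d/custom" | sed 's/^/NO open_basedir: /'
rm -rf "$d"
```

On a real server, point the functions at `/usr/local/lib/php.ini` and `/usr/local/directadmin/data/templates/custom`, the paths used in the posts above.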