PHP :: Bug #20689 :: php_admin_value disable_functions not working as it should

Bug #20689

php_admin_value disable_functions not working as it should

Submitted:

2002-11-27 20:09 UTC

Modified:

2003-04-30 11:50 UTC

Votes:	24
Avg. Score:	4.8 ± 0.5
Reproduced:	19 of 19 (100.0%)
Same Version:	7 (36.8%)
Same OS:	13 (68.4%)

From:

webmaster at walia dot com

Assigned:

Status:

Wont fix

Package:

*Configuration Issues

PHP Version:

4.2.3

OS:

w2k and linux both

Private report:

CVE-ID:

None

View Developer Edit

[2002-11-27 20:09 UTC] webmaster at walia dot com

OK, here it goes, i will come to the point.

php_admin_value disable_functions function_string does not work on a per domain basis. i know that is what the documentation says also. but i think it should be allowed to work on a per domain basis by allowing it to be used in the conf file in the virtual domains.

The funny part is that even if you do put this in the virtual domain, for example php_admin_value disable_functions phpinfo, this means that phpinfo is not allowed to run on that domain.  the phpinfo not only runs, but it shows the local setting that phpinfo is actually disabled. where as it is not.

if this were allowed to be in the conf files, running php would be a lot more secure and there will be a lot less headache for the admin

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-11-27 20:22 UTC] rasmus@php.net

For technical reasons this cannot be done.  Well, it could, but the performance penalty would be huge.

[2002-11-27 20:55 UTC] akaylaa at yahoo dot com

Even if the performance penalty is huge, it would still be really nice to have that for security reasons.

what is you are doing web hosting on windows and want to stop people from running system commands. the user can run a system command in his own folder, of course, but then he can also run a batch file that actually access files above his own folder even if safe mode is on and base dir is set.

the problem will be running of the batch file.  legally the user only used a php system command in his own folder, but the batch file can now go ahead and delete files on the server anywhere.

so i personally consider this to be a bug, and a very serious one from the point of view of web hosting for the public.

[2002-11-27 21:17 UTC] rasmus@php.net

So run a separate restricted instance of Apache/PHP for virtualhosts you want to restrict and a non-restricted one for the others.

[2002-11-27 21:56 UTC] webmaster at walia dot com

cant run a seperate instance of apache on w2k when it is running as a service, can i ? and how to run a seperate instance of php?

can you explain this a bit more in detail?

[2002-11-27 22:01 UTC] rasmus@php.net

You can run multiple services.  So simply run 2 Apaches on different ports.  Stick a reverse proxy out in front to redirect the requests appropriately and so all requests will be coming in on port 80 from outside.  But, this is not the appropriate place to teach you how to design a hosting solution.  Do a bit of research on your own.

[2003-04-30 11:33 UTC] bugs dot php at jensthebrain dot de

Could you please change the documentation to reflect this behaviour?

[2003-04-30 11:50 UTC] philip@php.net

The fact that disable_functions must be set in php.ini (and not httpd.conf) is indeed documented under disable_functions, see:

http://www.php.net/manual/en/features.safe-mode.php

There is also an open documentation bug to document every directive that follows this behavior but nobody has answered this call.  Here's that report:

http://bugs.php.net/bug.php?id=11598

[2003-04-30 11:56 UTC] csamsel at gmxpro dot de

if the performance penalty is huge, make php_admin_value disable_functions possible through a configure option. That would be nice. If not, running PHP on a server hosting free and payed sebspace is almost not possible. Running two apache makes the machine probably slower than implementing this feature.

[2003-04-30 16:16 UTC] ch at heesch-it dot de

Please consider implementing the possibility of using disable_functions in a per-directory or per-virtualhost environment!
As my predecessors already said, the security advantage is much more interesting than a slight perfomance loss.
It's no use having great performance on a machine which was damaged by some user (might it be intended or not).

What do you think about this solution:
Allowing different php.ini files in different virtual hosts? 
If this was implemented, many admins would be relieved!

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 14:01:32 2024 UTC