php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #73920 Reform of file_uploads in php.ini
Submitted: 2017-01-12 12:55 UTC Modified: 2017-01-13 12:22 UTC
From: admin at yoorshop dot fr Assigned:
Status: Suspended Package: URL related
PHP Version: Irrelevant OS: centos 6.8
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-01-12 12:55 UTC] admin at yoorshop dot fr
Description:
------------
Hi, 

Even if we use CXS to protect websites, it is not sufficient sometimes, many hackers succeeded to take control over websites by injecting a pyramid of files which are not detected as exploit or virus, but rather these were efficient php scripts which we truly traveling in the site files until it got to sensitive datas. 
We saw that dozens of times this year, and it is true that some modules/templates with exploits had facilitated the job of the hacker... 

mail, sendmail are now forbidden on our servers, this is also an incredible spam expoit, and deprecated totally... 

file_uploads is a security disease on which PHP community has never made efforts to reform itselves...

We suggest : 
existing file_uploads = OFF all the time 
adding a second file_uploads_sess by ex, which can override orignal file_uploads, and which would be ON by default of course : file_uploads_sess = ON 

Conditions are authentication, only those who are authenticated successfully could send a file (only these need to be able to do that, begining by the webmaster to create his products in his shops or a blogger post his articles + pictures) : 
- webmaster through admin website 
- a user forum or client of website also for support by example : he can send a screenshot 
- for contact form without authentication : we could introduce a secondary acceptable condition : captcha 

Thanks for attention, 
John

Test script:
---------------
Hi, 

Even if we use CXS to protect websites, it is not sufficient sometimes, many hackers succeeded to take control over websites by injecting a pyramid of files which are not detected as exploit or virus, but rather these were efficient php scripts which we truly traveling in the site files until it got to sensitive datas. 
We saw that dozens of times this year, and it is true that some modules/templates with exploits had facilitated the job of the hacker... 

mail, sendmail are now forbidden on our servers, this is also an incredible spam expoit, and deprecated totally... 

file_uploads is a security disease on which PHP community has never made efforts to reform itselves...

We suggest : 
existing file_uploads = OFF all the time 
adding a second file_uploads_sess by ex, which can override orignal file_uploads, and which would be ON by default of course : file_uploads_sess = ON 

Conditions are authentication, only those who are authenticated successfully could send a file (only these need to be able to do that, begining by the webmaster to create his products in his shops or a blogger post his articles + pictures) : 
- webmaster through admin website 
- a user forum or client of website also for support by example : he can send a screenshot 
- for contact form without authentication : we could introduce a secondary acceptable condition : captcha 

Thanks for attention, 
John

Expected result:
----------------
Hi, 

Even if we use CXS to protect websites, it is not sufficient sometimes, many hackers succeeded to take control over websites by injecting a pyramid of files which are not detected as exploit or virus, but rather these were efficient php scripts which we truly traveling in the site files until it got to sensitive datas. 
We saw that dozens of times this year, and it is true that some modules/templates with exploits had facilitated the job of the hacker... 

mail, sendmail are now forbidden on our servers, this is also an incredible spam expoit, and deprecated totally... 

file_uploads is a security disease on which PHP community has never made efforts to reform itselves...

We suggest : 
existing file_uploads = OFF all the time 
adding a second file_uploads_sess by ex, which can override orignal file_uploads, and which would be ON by default of course : file_uploads_sess = ON 

Conditions are authentication, only those who are authenticated successfully could send a file (only these need to be able to do that, begining by the webmaster to create his products in his shops or a blogger post his articles + pictures) : 
- webmaster through admin website 
- a user forum or client of website also for support by example : he can send a screenshot 
- for contact form without authentication : we could introduce a secondary acceptable condition : captcha 

Thanks for attention, 
John

Actual result:
--------------
Hi, 

Even if we use CXS to protect websites, it is not sufficient sometimes, many hackers succeeded to take control over websites by injecting a pyramid of files which are not detected as exploit or virus, but rather these were efficient php scripts which we truly traveling in the site files until it got to sensitive datas. 
We saw that dozens of times this year, and it is true that some modules/templates with exploits had facilitated the job of the hacker... 

mail, sendmail are now forbidden on our servers, this is also an incredible spam expoit, and deprecated totally... 

file_uploads is a security disease on which PHP community has never made efforts to reform itselves...

We suggest : 
existing file_uploads = OFF all the time 
adding a second file_uploads_sess by ex, which can override orignal file_uploads, and which would be ON by default of course : file_uploads_sess = ON 

Conditions are authentication, only those who are authenticated successfully could send a file (only these need to be able to do that, begining by the webmaster to create his products in his shops or a blogger post his articles + pictures) : 
- webmaster through admin website 
- a user forum or client of website also for support by example : he can send a screenshot 
- for contact form without authentication : we could introduce a secondary acceptable condition : captcha 

Thanks for attention, 
John

Patches

yoorshop (last revision 2017-01-12 12:56 UTC) by admin at yoorshop dot fr)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-13 12:22 UTC] cmb@php.net
-Status: Open +Status: Suspended -Type: Bug +Type: Feature/Change Request
 [2017-01-13 12:22 UTC] cmb@php.net
The behavior of file_uploads is as expected and not a bug per se,
so this is a feature request. Besides that it's not clear to me
how PHP should check the authorization, introducing a new ini
option would require the RFC process[1], so I'm suspending this
request until someone cares to propose a respective RFC.

[1] <http://wiki.php.net/rfc/howto>
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sat Oct 20 08:01:25 2018 UTC