Hello. I am making something like a site with a PHP code editor. When I click the browse button, a folder with a unique id is created in my special directory, and in it a file with the PHP code itself (example: /_projects/6dfh78d76dfg87/index.php). Then this page is opened in an iframe.

Now to the problem: I ran into a security issue. From the created file you can edit any file on the site (.htaccess and other site files). I sketched a couple of options for how to restrict access to the files on my site:

  1. Protect important files from modification and deletion (drawback: the files of someone else's "project" can still be edited)
  2. Prevent files from the /_projects/{ID}/ directory from accessing files that are outside the {ID} folder
  3. Disallow some functions in PHP
  4. Hide directories and files from functions such as scandir, dirname, ...
  5. Check PHP file for prohibited functions.

But I do not know how to implement these options. Tell me, how can they be implemented, or does someone know a better option? I would be very grateful. Thank you in advance.

  • Isn't it an option to strip ../ and similar from the paths and then compare the paths? But in general, if you look at sandbox.onlinephpfunctions.com, when running the script they prohibit functions such as opendir and so on in php.ini (disable_functions =) - Orange_shadow
  • In any case, you are essentially giving full access to your server's resources, so even if you prohibit editing other people's files, they will simply load your CPU to 100% with bitcoin mining :) - andreymal
  • @andreymal, there in htaccess you can limit the script's resources and execution time. I'll just take and ban scripts that run for more than 30 seconds (for example) - Yuri
  • They will escape from htaccess very quickly and start using, for example, Python, which htaccess does not reach at all :) Or, at the very least, they will write a script that runs for exactly 29.9 seconds and restart it every half minute :)
  • @andreymal, I'll generally block access to htaccess for everyone. But with the prospect of a problem. I'm leaning toward Mikhail Vaysman's answer, since the container will not let this happen.. - Yuri

4 answers

The most reliable option would be to run the code inside a container (for example, Docker) with seccomp and SELinux configured. In this case you can run any code, not just PHP.

The code can do almost anything, and you can restrict it as you please.

Presentation on how to secure Docker container: Slides and Videos

  • Can you give me a link about this? I don't know anything about this kind of security) - Yuri
  • I updated the answer. Added links to documentation and presentation. - Mikhail Vaysman
  • Difficult. Okay, if no one answers "easier", I'll accept it as correct, thanks :) - Yuri
  • Yes. This is a difficult solution, but one of the most reliable. And you don't have to think about analysing the code itself. - Mikhail Vaysman
  • Forgive me, I'll put a bounty on the question, and if no better answer appears then you'll get +100 reputation) - Yuri

@Yuri, judging by the path from your example, we are talking about a *nix system. And there everything is simple; the most important thing is to identify the "business logic" of your project. In other words, to designate "who can do what."

  • allocate a separate "user" for PHP
  • assign it rights

Thus it cannot do what it is not allowed to do.

Important

It is important to think ten times. Example. The user is given the right/opportunity to create any file. The user creates a file with the extension .php ... and then takes it and executes it. You understand that he will be able to do everything within the "reach" of the rights of a user who has access to *.php resources.

The approach

Using the built-in *nix tools you limit many of the actions the user can perform in principle. And in your script you "provide for" the functionality you need. That is enough to ensure security.

The concept of "any file" must be clearly defined. Path, mask, reserved name ...

The good principle is "prohibit everything, then allow the necessary". This is your case.

  • What to do if you need to safely run custom PHP scripts? For example, if you are making an analogue of Project Euler. - Arnial
  • To do this, you need to define the criteria for the required security. - Majestio

In my opinion, the easiest way is simply to check the token and user id when editing a file. That is your option number 2:

  1. Log in
  2. Get the list of files and folders in /_projects/{ID}/
  3. If the user can enter the path on his own, then parse the path and match the {ID} folder against the user's {ID}

As another option: generate a unique owner folder whose path will be difficult to guess, for example KMnwVmc6Uz7zsJ4w. This option is less secure, since you do not close off editing but simply rely on nobody finding the folder.
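The check described in the previous answer (match the {ID} folder in the requested path against the logged-in user's own {ID}, and never let a path climb out of it), written out as an added example. This is not code from the question or the answer; the function name `resolveProjectFile`, the sample project ids and the temp-directory demo layout are assumptions. The only thing taken from the page is the /_projects/{ID}/ layout.

```php
<?php
// Added example: resolve a user-supplied file path and accept it only if it
// stays inside that user's own /_projects/{ID}/ directory (layout from the
// question). Function name and sample ids are assumptions.

declare(strict_types=1);

/**
 * Return the canonical absolute path for $requested (e.g. "6dfh…/index.php")
 * if, and only if, it lies inside the project folder owned by $userProjectId.
 * Returns null for any other path: another user's folder, "../" tricks,
 * absolute paths, NUL bytes, or a path that cannot be canonicalised.
 */
function resolveProjectFile(string $projectsRoot, string $userProjectId, string $requested): ?string
{
    // The {ID} is generated by the site, so it is safe to insist on a strict alphabet.
    if (!preg_match('/^[A-Za-z0-9]+$/', $userProjectId)) {
        return null;
    }
    // The projects root must exist; realpath() gives its canonical form.
    $root = realpath($projectsRoot);
    if ($root === false) {
        return null;
    }
    $projectDir = $root . DIRECTORY_SEPARATOR . $userProjectId;

    // Reject NUL bytes, empty and absolute paths before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false || $requested[0] === '/') {
        return null;
    }

    // The first path segment is the {ID} folder: it must be the user's own id.
    $segments = explode('/', $requested);
    if ($segments[0] !== $userProjectId) {
        return null;
    }

    // Canonicalise to collapse ".." and symlinks. A file that does not exist yet
    // (the user is creating it) has no realpath, so canonicalise its parent
    // directory and re-attach the file name.
    $candidate = $root . DIRECTORY_SEPARATOR . $requested;
    $real = realpath($candidate);
    if ($real === false) {
        $parent = realpath(dirname($candidate));
        if ($parent === false) {
            return null;
        }
        $real = $parent . DIRECTORY_SEPARATOR . basename($candidate);
    }

    // Final containment check on the canonical path: it must start with
    // "<projectDir>/". Comparing the raw request string would not be enough.
    $prefix = $projectDir . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Offline demonstration with a constructed layout under the system temp dir.
$root = sys_get_temp_dir() . '/editor_demo_' . bin2hex(random_bytes(4));
mkdir("$root/aaa111", 0700, true);
mkdir("$root/bbb222", 0700, true);
touch("$root/aaa111/index.php");
touch("$root/.htaccess");

var_dump(resolveProjectFile($root, 'aaa111', 'aaa111/index.php'));      // the user's own file
var_dump(resolveProjectFile($root, 'aaa111', 'aaa111/new.php'));        // a not-yet-existing file in the user's own folder
var_dump(resolveProjectFile($root, 'aaa111', 'bbb222/index.php'));      // another user's project
var_dump(resolveProjectFile($root, 'aaa111', 'aaa111/../.htaccess'));   // climbs out of the folder via ".."
var_dump(resolveProjectFile($root, 'aaa111', '/etc/passwd'));           // absolute path
```

In a real editor the `$userProjectId` argument comes from the authenticated session, never from the request, and the returned path is the only thing ever handed to `file_get_contents` or `file_put_contents`. This check only governs what the editor itself reads and writes; code the user runs inside the project is a separate problem (see the open_basedir answer below).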

Run scripts centrally, via include in your own routing script. There you can, through a directive, restrict filesystem access for each user of the resource:

    ini_set('open_basedir', $userProjectDir);

In the current execution session it will not be possible to go above $userProjectDir. The path to the directory must be absolute.

Next, there is another problem: access to localhost. A custom script should only have access to allowed ports. This can be achieved either by restricting the runtime user (php-fpm, apache, ..) in iptables, or by virtualization. Virtualization also lets you limit the machine's resources per user.
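The routing-script approach from this answer, written out as an added example that is not the answer's own code. It takes the /_projects/{ID}/index.php layout from the question; the function name `runInProjectSandbox`, the `id` query parameter, and the 30-second / 64M limits are assumptions chosen for illustration.

```php
<?php
// Added example: a central routing script that includes a user's
// /_projects/{ID}/index.php (layout from the question) only after tightening
// open_basedir to that project directory. Names and limits are assumptions.

declare(strict_types=1);

/**
 * Run $entryFile with filesystem access limited to $projectDir.
 * Returns false, without running anything, if the sandbox could not be applied.
 */
function runInProjectSandbox(string $projectDir, string $entryFile): bool
{
    // open_basedir wants an absolute, canonical path.
    $dir = realpath($projectDir);
    if ($dir === false || !is_dir($dir)) {
        return false;
    }

    // The entry file must already be inside the project directory. Check this
    // before applying the restriction, so an attacker-controlled path cannot be
    // used to probe the filesystem through this function.
    $entry = realpath($entryFile);
    $prefix = $dir . DIRECTORY_SEPARATOR;
    if ($entry === false || strncmp($entry, $prefix, strlen($prefix)) !== 0) {
        return false;
    }

    // Per-request resource limits. set_time_limit() and memory_limit can be
    // changed at runtime; disable_functions cannot (see the note below the code).
    set_time_limit(30);
    ini_set('memory_limit', '64M');

    // open_basedir may only be tightened at runtime, never loosened, and the
    // tightening lasts for the rest of this request. Several directories would
    // be joined with PATH_SEPARATOR. Verify that it really took effect.
    if (ini_set('open_basedir', $dir) === false || ini_get('open_basedir') !== $dir) {
        return false;
    }

    // From here on, every filesystem call in the user's code that points
    // outside $dir fails with an open_basedir warning.
    include $entry;
    return true;
}

// Usage sketch. Assumption: the id comes from a query parameter and has
// already been verified as belonging to the logged-in user.
$id = $_GET['id'] ?? '';
if (!preg_match('/^[A-Za-z0-9]+$/', $id)) {
    http_response_code(400);
    exit;
}
$projectDir = __DIR__ . '/_projects/' . $id;
if (!runInProjectSandbox($projectDir, $projectDir . '/index.php')) {
    http_response_code(403);
}
```

Two caveats a practitioner should keep in mind. First, `disable_functions` is a PHP_INI_SYSTEM setting, so it cannot be applied with `ini_set()`; it has to go into php.ini or the php-fpm pool configuration (for example `php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen`), ideally in a dedicated pool running as the separate user the second answer describes. Second, the included file runs in the same process and with the same privileges as the router, so open_basedir limits which files the code can open but is not a sandbox for what the code can execute or which network ports it can reach; that is why this answer also points at iptables and virtualization, and the first answer at containers.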