Filesystem Security
PHP is subject to the security built into most server systems
with respect to permissions on a file and directory basis.
This allows you to control which files in the filesystem may
be read. Care should be taken with any files which are world
readable to ensure that they are safe for reading by all users
who have access to that filesystem.
Since PHP was designed to allow user level access to the
filesystem, it's entirely possible to write a PHP script
that will allow you to read system files such as /etc/passwd,
modify your ethernet connections, send massive printer jobs
out, etc. This has some obvious implications, in that you
need to ensure that the files that you read from and write
to are the appropriate ones.
Consider the following script, where a user indicates that
they'd like to delete a file in their home directory. This
assumes a situation where a PHP web interface is regularly
used for file management, so the Apache user is allowed
to delete files in the user home directories.
Example 15-1. Poor variable checking leads to....
<?php
// remove a file from the user's home directory
// both the user name and the file name come straight from the form, unvalidated
$username = $_POST['user_submitted_name'];
$userfile = $_POST['user_submitted_filename'];
$homedir = "/home/$username";
$file_to_delete = "$userfile";
unlink("$homedir/$userfile");
echo "$file_to_delete has been deleted!";
?>
Since the username is postable from a user form, they can
submit a username and file belonging to someone else, and
delete files. In this case, you'd want to use some other
form of authentication. Consider what could happen if the
variables submitted were "../etc/" and "passwd".
The code would then effectively read:
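A hardened version of the same delete handler, added here as an example and not taken from the PHP manual: the user name comes from the authenticated session rather than the form, the file name is restricted to a bare name, and realpath() plus a prefix check keeps the resolved target inside the home directory. The /home root, the session key 'username' and the POST field 'user_submitted_filename' are assumptions.

```php
<?php
// Added example, not code from the PHP manual. Assumes home directories
// live under /home, the session stores the login name as 'username', and
// the form posts the file name as 'user_submitted_filename'.
declare(strict_types=1);

const HOME_ROOT = '/home';

/**
 * Return the absolute path of a regular file strictly inside the user's
 * home directory, or null if the request must be refused.
 */
function resolve_user_file(string $username, string $userfile): ?string
{
    // A conservative user-name charset: "../etc/" and similar are rejected.
    if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $username)) {
        return null;
    }
    // The file name must be a bare name: no "/", so no "..\/" components.
    if ($userfile === '' || $userfile !== basename($userfile)) {
        return null;
    }
    $homedir = realpath(HOME_ROOT . '/' . $username);
    if ($homedir === false) {
        return null;
    }
    // realpath() follows symlinks, so a link inside the home directory that
    // points at /etc/passwd resolves outside it and fails the prefix check.
    $target = realpath($homedir . '/' . $userfile);
    if ($target === false || strpos($target, $homedir . '/') !== 0) {
        return null;
    }
    return is_file($target) ? $target : null;
}

// Handler: whose home directory is touched is decided by the session, not
// by a user-supplied field.
session_start();
$username = $_SESSION['username'] ?? '';
$userfile = $_POST['user_submitted_filename'] ?? '';
$target   = resolve_user_file($username, $userfile);

if ($target === null) {
    http_response_code(400);
    echo "Invalid file request.";
} elseif (unlink($target)) {
    echo htmlspecialchars($userfile) . " has been deleted!";
} else {
    http_response_code(500);
    echo "Could not delete file.";
}
```

With this check, the "../etc/" and "passwd" inputs discussed above are refused before unlink() is ever called, and the response echoes the file name through htmlspecialchars() so the confirmation message cannot inject markup.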