Re: [PHP-DEV] mail() logging for PHP

Thu, 14 Dec 2006 08:28:25 -0800 

Hi,


That is way too much information to include into an e-mail header, this
would in fact be information disclosure vulnerability in many eyes. The
log file that you can enable provides you with the full path to the
script that called mail, which is more then enough to identify the
offending script and/or application.


In case someone would use a library installed on the server were the
mail() call e.g. in /usr/lib/PEAR/lib/php/Mail/Transport/PHP_Mail.php
(just an example) would this really help identifying the cause of the
problem? No Domain, no URL, I think it would be hard to determine who
used it.



True. Maybe adding both the main-script-name and the name of the script that 
contains the mail() call might be a good idea. Another solution would be to 
apply encryption to the information. Then you could put much more 
information in the extra header without disclosing anything. You could even 
put all this in:

- Timestamp
- Server hostname
- IP address of the client invoking the script
- Requesting URL, including query string
- Full path+filename of the main script
- Full path+filename of the script that calls mail()
- etc


Put all this is a nice text, encrypt it (i.e. 3DES, or even RSA/DSA), base64 
encode it, and add it in a header. The header might be a little big, but I 
don't think that will be a big problem for those who want to use it.


A small example:

Put the following information in the extra header:

1166094481
www.computel.nl
83.137.22.2
http://www.computel.nl/stuff/[EMAIL PROTECTED]
/var/www/sites/www.computel.nl/stuff/bla.php
/usr/lib/PEAR/lib/php/Mail/Transport/PHP_Mail.php


Encrypt this with 3des, using password 'something'. (the password could be 
configured in php.ini, or per virtual host):


U2FsdGVkX18+F3ghXdsE6Wkv0mJwtes2Ue0jMHrKfM+vNODH592rrEMZpDdbPtIe
vkSnERInTNA86XqZQtlQV+JJneAJexeNWKqhxRh+QHSsishzrq0+l9gfhu9G06LR
X3SrZCXtg9irvGIdA1OD5sDkUi7NJTJ7GnrJd6fnrv3wGZTAQlwjIeFm7LRSl8N+
tpkQckXfXYhVzOkGMU6/InE9q3Wo228wkazmXZKW1k1GVYtXPJL7f0JS9DMa3gEr
lJR5rnZqNcBVtCW6eVVl9jYU2g58bZLV


This can be put directly into a header in the message. The total extra 
message size would be about 300 bytes. That should be no problem at all. I 
have seen bigger received: headers in a message.



I think this would help a system admin a lot when trying to figure out where 
all those annoying messages are coming from. What do the rest of you think 
about this?


Thanks,
Sander

PS: If you need help implementing it, let me know!

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php























					Reply via email to