[PHP-BUG] Req #65935 [NEW]: support for checking script uid/gid

Mon, 21 Oct 2013 07:15:07 -0700 

From:             mustnotbevalid at example dot com
Operating system: Linux
PHP version:      5.4.21
Package:          FPM related
Bug Type:         Feature/Change Request
Bug description:support for checking script uid/gid

Description:
------------
For security reasons, it would be nice to have the option similar to
Apache suExec where FPM checks the uid/gid of the script file before
executing it, and only allowing scripts to be executed with a matching
uid/gid specified in the pool config file.

This would serve as an extra layer of defense against exploit attempts
which try to write files via PHP or other CGI scripts as they would be
saved with the uid of the webserver. Combined with verbose logging of
such requests, this would also serve as an a good indicator that some
scripts on the system are insecure.


-- 
Edit bug report at https://bugs.php.net/bug.php?id=65935&edit=1
-- 
Try a snapshot (PHP 5.4):   
https://bugs.php.net/fix.php?id=65935&r=trysnapshot54
Try a snapshot (PHP 5.5):   
https://bugs.php.net/fix.php?id=65935&r=trysnapshot55
Try a snapshot (trunk):     
https://bugs.php.net/fix.php?id=65935&r=trysnapshottrunk
Fixed in SVN:               https://bugs.php.net/fix.php?id=65935&r=fixed
Fixed in release:           https://bugs.php.net/fix.php?id=65935&r=alreadyfixed
Need backtrace:             https://bugs.php.net/fix.php?id=65935&r=needtrace
Need Reproduce Script:      https://bugs.php.net/fix.php?id=65935&r=needscript
Try newer version:          https://bugs.php.net/fix.php?id=65935&r=oldversion
Not developer issue:        https://bugs.php.net/fix.php?id=65935&r=support
Expected behavior:          https://bugs.php.net/fix.php?id=65935&r=notwrong
Not enough info:            
https://bugs.php.net/fix.php?id=65935&r=notenoughinfo
Submitted twice:            
https://bugs.php.net/fix.php?id=65935&r=submittedtwice
register_globals:           https://bugs.php.net/fix.php?id=65935&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=65935&r=php4
Daylight Savings:           https://bugs.php.net/fix.php?id=65935&r=dst
IIS Stability:              https://bugs.php.net/fix.php?id=65935&r=isapi
Install GNU Sed:            https://bugs.php.net/fix.php?id=65935&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=65935&r=float
No Zend Extensions:         https://bugs.php.net/fix.php?id=65935&r=nozend
MySQL Configuration Error:  https://bugs.php.net/fix.php?id=65935&r=mysqlcfg

Reply via email to