From: mustnotbevalid at example dot com Operating system: Linux PHP version: 5.4.21 Package: FPM related Bug Type: Feature/Change Request Bug description:support for checking script uid/gid
Description: ------------ For security reasons, it would be nice to have the option similar to Apache suExec where FPM checks the uid/gid of the script file before executing it, and only allowing scripts to be executed with a matching uid/gid specified in the pool config file. This would serve as an extra layer of defense against exploit attempts which try to write files via PHP or other CGI scripts as they would be saved with the uid of the webserver. Combined with verbose logging of such requests, this would also serve as an a good indicator that some scripts on the system are insecure. -- Edit bug report at https://bugs.php.net/bug.php?id=65935&edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=65935&r=trysnapshot54 Try a snapshot (PHP 5.5): https://bugs.php.net/fix.php?id=65935&r=trysnapshot55 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=65935&r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=65935&r=fixed Fixed in release: https://bugs.php.net/fix.php?id=65935&r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=65935&r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=65935&r=needscript Try newer version: https://bugs.php.net/fix.php?id=65935&r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=65935&r=support Expected behavior: https://bugs.php.net/fix.php?id=65935&r=notwrong Not enough info: https://bugs.php.net/fix.php?id=65935&r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=65935&r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=65935&r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=65935&r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=65935&r=dst IIS Stability: https://bugs.php.net/fix.php?id=65935&r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=65935&r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=65935&r=float No Zend Extensions: https://bugs.php.net/fix.php?id=65935&r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=65935&r=mysqlcfg