You miss understand. A user with ftp access only to a single virtual
host can upload a PHP shell to there web space. The PHP shell allows
them to login with a made up password they make. Once logged in to the
PHP shell they are no longer restricted by there FTP login permissions
due to the fact that a PHP shell runs under the www-data account. The
fact that they have now hijacked the www-data account using the
uploaded PHP shell allows them to see the other virtual hosts PHP
scripts. And even the root directory on the server if the www-data
account is not jailed. if it is jailed they are restricted to seeing
all virtual hosts on the server. jailed or not jailed you can view
your neighborer PHP Code and steel it.
How would one go about preventing this kind of attack while using
virtual hosts and PHP.
First, have the files for each virtual host owned by different users.
This will prevent someone who comes in via FTP from being able to
access files belonging to other virtual hosts. (By the way, you really
should not use FTP since it is insecure; switch to SFTP instead).
Next, configure Apache to execute the PHP for each virtual host as user
unique to that virtual host (and different from the user who owns the
files for that virtual host). There are several ways to do this,
including suEXEC, FastCGI, and reverse proxies. For more information,
see http://wiki.apache.org/httpd/PrivilegeSeparation
--
Mark Montague
m...@catseye.org
