[horde] calls to popen()

Gunnar Wrobel wrobel at horde.org
Wed Feb 15 10:55:58 UTC 2012


Quoting Reindl Harald <h.reindl at thelounge.net>:

> On 15.02.2012 11:19, Vilius ?umskas wrote:
>>> On 14.02.2012 20:46, Michael M Slusarz wrote:
>>>> Quoting Jan Schneider <jan at horde.org>:
>>>>
>>>>> Quoting Reindl Harald <h.reindl at thelounge.net>:
>>>>>
>>>>>> On 11.02.2012 08:16, Vilius ?umskas wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Saturday, February 11, 2012, 12:57:10 AM, you wrote:
>>>>>>>
>>>>>>>> what is this after update H3 some minutes ago?
>>>>>>>
>>>>>>>> Feb 10 22:52:52 [30092] ALERT - function within blacklist called:
>>>>>>>> popen() (attacker '10.0.0.241', file
>>>>>>>> '/usr/share/horde/lib/Horde/Crypt/pgp.php', line 1696)
>>>>>>>
>>>>>>>> there are existing pear packages and no single need to
>>>>>>>> open command execution which nobody will do interested
>>>>>>>> in security for foreign software
>>>>>>>
>>>>>>> There is nothing wrong with popen() calls. If your "security" software
>>>>>>> thinks otherwise, then it is seriously botched.
>>>>>>
>>>>>> and the following proves you are wrong
>>>>>>
>>>>>> open_basedir will isolate vhosts where mod_php is needed
>>>>>> popen() and such commands are breaking out of the vhost
>>>>>> if the following happens your whole machine is compromised
>>>>>
>>>>> This only proves that open_basedir is not much more than duct tape.
>>>>
>>>> Sort of like suhosin's theory: if we break PHP so you can't use it, it is now
>>>> more secure.  Stupid.
>>>>
>>>> I'm going to start a company that uses all of suhosin's buzzwords and then,
>>>> when hired, I will go to the client's office and disable the network interface
>>>> on the PHP machine.  Ta-da!  That PHP installation is now 100% secure!
>>>
>>> stop such nonsense
>>>
>>> there is NOTHING broken if anybody disables shell-access through PHP
>>> anybody who allows it should consider no longer maintaining any
>>> production servers!
>>
>> What is a shell-access? It is access to the filesystem, that's all.
>> PHP as a programming language has a gazillion ways of accessing the
>> filesystem below, including file uploads, and don't forget sockets.
>> And blocking those totally cripples all major applications. Other
>> web programming languages don't even have such "security"
>> configuration parameters. And for a good reason. It makes no sense.
>> You have to ensure security on the system level, be it cgroups,
>> jails, selinux or apparmor.
>
> what is shell access?
> using exec('/bin/anything'); or popen('/bin/anything');
>
> these are features which NEVER have to be used in ANY common
> web applications, they are nice for php shell-scripts but
> NOT in the context of a webserver

As far as I know there is currently no alternative to provide GPG  
support other than using popen. And of course you should be able to  
deactivate it if you are concerned about the security.

>
> any application relying on such commands is mis-designed!

Which would be the alternative to provide GPG support that makes you  
say that the current solution is invalid?

Cheers,

Gunnar


-- 
Core Developer
The Horde Project

e: wrobel at horde.org
t: +49 700 6245 0000
w: http://www.horde.org

pgp: 9703 43BE
tweets: http://twitter.com/pardus_de
blog: http://log.pardus.de
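
An added example, not part of any poster's message or of Horde's code: it parses the blacklist alert format quoted at the top of this thread and separates alerts from call sites an operator has already reviewed (such as the Horde PGP wrapper discussed here) from ones that need a look. The allowlist and the second and third sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Format of the alert quoted in the thread (wrapped there over three lines).
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \[(?P<pid>\d+)\] ALERT - "
    r"function within blacklist called: (?P<func>\w+)\(\) "
    r"\(attacker '(?P<client>[^']*)', file '(?P<file>[^']*)', line (?P<line>\d+)\)$"
)

# Assumption: (function, file) pairs the operator has reviewed and expects.
EXPECTED_CALL_SITES = {("popen", "/usr/share/horde/lib/Horde/Crypt/pgp.php")}

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not a blacklist alert."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["line"] = int(rec["line"])
    return rec

def triage(lines):
    """Count alerts from reviewed call sites; list every other alert for review."""
    expected, unexpected = Counter(), []
    for raw in lines:
        rec = parse_alert(raw)
        if rec is None:
            continue  # not a blacklist alert
        key = (rec["func"], rec["file"])
        if key in EXPECTED_CALL_SITES:
            expected[key] += 1
        else:
            unexpected.append(rec)
    return expected, unexpected

SAMPLE_LOG = [
    # The alert from the thread, joined onto one line.
    "Feb 10 22:52:52 [30092] ALERT - function within blacklist called: popen() "
    "(attacker '10.0.0.241', file '/usr/share/horde/lib/Horde/Crypt/pgp.php', line 1696)",
    # Constructed lines for illustration.
    "Feb 10 22:53:10 [30101] ALERT - function within blacklist called: exec() "
    "(attacker '10.0.0.77', file '/var/www/vhost1/upload/tmp.php', line 3)",
    "Feb 10 22:53:11 [30101] unrelated syslog message",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```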



