
Setting a folder as user nobody - good thing or bad thing?

Posted: Sun Oct 08, 2006 3:51 am
by Doctor_Cox
Greetings all,

I'm trying to create a mysql backup script. The dump has been generated, but now I want to be able to save it to a file to FTP it to another server away from my company's primary one. But because we are running in safe mode, file creation is severely restricted. Reviewing things, the only solution I could come to was to create a folder, assign it to the nobody user, and then use that for writing the files to before FTP'ing them.

Will doing so be a possible security risk?

Posted: Sun Oct 08, 2006 4:05 am
by timvw
Since 'nobody' can write files there, you're not sure that the file in that location is really the one your script created (or a modified version placed there by someone else). Why can't you run the script under your user account?

Posted: Sun Oct 08, 2006 4:35 pm
by Doctor_Cox
Thanks for your response.

How would I go about running the script under the user account? Every time I run it it complains about a UID mismatch due to safe mode being on.

Irregardless, I don't think file injection will be a problem but correct me if I'm wrong. I'm not very familiar with Linux, especially security. The script will be a cron job that will create files based on the database table, eg

cart_products.sql
cart_categories.sql

Before uploading them to an FTP account then deleting them. The simple method to guard against someone injecting files will be to check for any files in the folder before beginning the dumping process and deleting any found. Even if someone were able to get a file into this folder, it couldn't do any damage thanks to safe mode, and it wouldn't gain them access to other parts of the system. Correct or not?

Posted: Mon Oct 09, 2006 1:10 am
by timvw
Doctor_Cox wrote: Thanks for your response.

How would I go about running the script under the user account? Every time I run it it complains about a UID mismatch due to safe mode being on.

Use crontab to activate the script...

Doctor_Cox wrote: Before uploading them to an FTP account then deleting them. The simple method to guard against someone injecting files will be to check for any files in the folder before beginning the dumping process and deleting any found.

Here is an obvious example of a scenario where you have a security problem:

generate file
----> malicious replacement of the file
upload file

I wonder why you need to create a temporary file anyway... Just simply pass the output of the dump-generation process to your ftp-client as file input...

Doctor_Cox wrote: Even if someone were able to get a file into this folder, it couldn't do any damage thanks to safe mode, and it wouldn't gain them access to other parts of the system. Correct or not?

The obvious issue is that it would make your backup system completely unreliable... and thus useless.

The solution is flawed by design, so I would most certainly not try to minimalize the risk...

Posted: Mon Oct 09, 2006 5:15 pm
by Doctor_Cox
timvw wrote: Just simply pass the output of the dump-generation process to your ftp-client as file input...

How do I do this? I reviewed the PHP FTP commands and nothing caught my attention as being capable of doing this. In fact this was my first port of call as I knew I was likely going to run into safe mode problems.

If I can do it via FTP commands, great, this will be easier to test than running the thing via the crontab.

Here is an obvious example of a scenario where you have a security problem:

generate file
----> malicious replacement of the file
upload file

I'm not arguing with the logic, but how could a hacker actually replace the file? I'm not doubting you, just curious. I want to learn. They'd have to be there at the exact moment of file creation, and know the names of one of the tables, which is what each file will be named in turn before FTP'ing. Theoretically possible? Yes. Practically possible? Doesn't appear so to me.

But FTP is still clearly the safest method, so if you could point me in the right direction I'd appreciate it.

Posted: Sun Oct 22, 2006 5:02 am
by Doctor_Cox
Sorry for the bump but this is pretty important. Anyone else got any ideas?

Posted: Sun Oct 22, 2006 5:30 am
by timvw


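<?php
// Send the mysqldump output straight to the FTP server; no local temporary file is written.
$dump = shell_exec('mysqldump -u username -ppassword database');
// shell_exec() gives null/false on failure or empty output; don't upload that as a backup.
if (!is_string($dump) || file_put_contents('ftp://user:password@example.com/pub/mysql.dmp', $dump) === false) exit(1);
?>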
(Don't forget that ftp is unsecure by design.. And you might want to consider scp or sftp instead..)
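
The "generate file, replacement, upload" sequence discussed in this thread, seen from the defending script's side, as an added example that is not part of the thread: it refuses a staging directory that other accounts can write to and detects a file that changed between dump and upload. The function names and the sample usage are hypothetical, and it assumes a Linux host with `sha256sum`.

```shell
#!/bin/sh
# Added example, not from the thread: function names and paths are hypothetical.

# Succeeds only if $1 is a real directory (not a symlink), owned by the
# current user and not writable by group or others, so no other account
# (such as 'nobody') can place or swap files in it.
staging_dir_is_private() {
    [ -n "$(find "$1" -prune -type d -user "$(id -u)" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Read a dump on stdin, write it to $1/$2 (mode 0600) and print its SHA-256.
# The digest is computed from the stream itself, so it describes what the
# dump tool produced rather than whatever is on disk afterwards.
stage_dump() {
    staging_dir_is_private "$1" || { echo "unsafe staging dir: $1" >&2; return 1; }
    ( umask 077; tee "$1/$2" | sha256sum | cut -d' ' -f1 )
}

# Just before upload: succeed only if file $1 still hashes to digest $2.
staged_file_unchanged() {
    [ "$(sha256sum < "$1" | cut -d' ' -f1)" = "$2" ]
}

# Cron usage (constructed; 'mysqldump ...' stands for the real dump command):
#   work=$(mktemp -d)        # fresh directory, mode 0700, owned by this user
#   sum=$(mysqldump ... | stage_dump "$work" cart_products.sql) &&
#     staged_file_unchanged "$work/cart_products.sql" "$sum" &&
#     echo "safe to upload"  # hand the file to scp/sftp here
#   rm -rf "$work"
```

A directory assigned to `nobody` or opened up with mode 777 fails the first check, which is the situation the thread warns about.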