I'm not sure if this is even possible, but i'm wondering if there's any way to do this:
I've got a php script, that will be responsible for running other scripts. These other scripts each contain a different function. I'd like to limit these scripts to only writing inside a specified folder (As developers would be able to create their own PHP scripts, and I would like to stop these scripts writing to other folders other than it's own)
I'm almost positive that you can't restrict it to one directory. :saddowns:
I'm thinking that you'd have to change CHMOD permissions of the directories that you didn't want. :-\
You could make some kind of upload filter, where you'd replace "../" and other references to child directories with nothing, or making them incapable of uploading them.
But it won't take long for a hacker to simply use mcrypt to encrypt their path, or to use rot13, base64, strings put together etc. etc. etc.
Give each uploaded script it's own user account, then only give that user account write permissions to a certain folder, then run php as that user
[QUOTE=turby;18868864]Give each uploaded script it's own user account, then only give that user account write permissions to a certain folder, then run php as that user[/QUOTE]
This may be a workable method but it would be a messy one. :-\
I guess there's no simple solution for this, I can't create a user for each script. I guess I'll just chmod the parent folder to read-only, and make the folders for each script writeable
chroot
[QUOTE=turby;18891836]chroot[/QUOTE]
I guess that might work, chrooting the script into a temporary folder until it's finished, then copying the files back to it's main folder.
It'd work great for small files, but then for larger folders I can see it becoming a problem
Then again, chroot() doesn't work on windows
Sandboxie
Sorry, you need to Log In to post a reply to this thread.
