Mod_php security risks

It seems to me that if you don't want to use PHP as a cgi with suphp or some other wrapper and go down the mod_php route you have to accept that it is very insecure. (in the sense that one user can read the site files of other users and browse through the hosting directory, even with safe mode on)

It's got me thinking that this is possible because of the file system functions built into php so wouldn't it be a reasonable idea to add some chroot type setup to the fopen setup.

Something reasonable simple would be to have a setting in the php.ini file similar to the base_dir say /hosts/*/ so that php could understand that if it's working in /hosts/domain.com/file.php that it can't carry out any file activity on /hosts/badidea.com/

Even easier would be for php file activity to only work on it's current working directory down so that it can't work it's way up beyond it's current dir although I guess that would cause issues for quite a lot of software.

Anyone ever considered this or found any other ways of just preventing the casual hacker from seeing too much of the server?

 

 

 

 

Top