Sites are not Isolated - sites have access to one another #429

Open
RichardAnderson opened this issue Jan 12, 2025 · 2 comments
Labels
bug Something isn't working

RichardAnderson commented Jan 12, 2025

Describe the bug
Deployed sites on a single server do not have the option to run on a different user account (all run on vito); therefore, one compromised site means that all sites are potentially compromised. Sites should be able to be isolated, and therefore run under separate user accounts.

To Reproduce
Steps to reproduce the behavior:

  1. Create a PHP application site (site 1)
  2. Create a file called "secrets.php", and store a secret in a variable
  3. Create a PHP application site (site 2)
  4. Upload a remote file editor to site 2
  5. Browse to secrets.php from site 1 via the deployed script on site 2
  6. See the secret values from site 1 from site 2

Expected behavior
Unable to access files from other sites

Screenshots
[two screenshots not preserved]

Additional context
N/A

RichardAnderson added the bug label Jan 12, 2025
RichardAnderson changed the title from "Users are not Isolated - sites have access to one another" to "Sites are not Isolated - sites have access to one another" Jan 12, 2025

RichardAnderson (Author) commented

A solution for this would be to create a new user for a deployed site (or have the option to), and then complete the following actions:

  1. Create a new User

export DEBIAN_FRONTEND=noninteractive
sudo useradd -p $(openssl passwd -1 password) user
sudo mkdir /home/user
sudo mkdir /home/user/logs
sudo mkdir /home/user/tmp
sudo usermod -a -G user vito
sudo chown -R user:user /home/user
sudo chmod -R 770 /home/user

  2. Create a new PHP FPM pool file in /etc/php/{version}/fpm/pool.d/{user}.conf

[{user}]
user = {user}
group = {user}

listen = /run/php/php-fpm-{user}.sock
listen.owner = vito
listen.group = vito
listen.mode = 0660

pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 500

php_admin_value[open_basedir] = /home/{user}/:/tmp/
php_admin_value[upload_tmp_dir] = /home/{user}/tmp
php_admin_value[session.save_path] = /home/{user}/tmp

; Optional but recommended security settings
php_admin_value[display_errors] = off
php_admin_value[log_errors] = on
php_admin_value[error_log] = /home/{user}/logs/php_errors.log

  3. Update the nginx configuration file:

fastcgi_pass unix:/run/php/php-fpm-{user}.sock;

The site is then isolated, so even if one site is compromised, it does not affect any other sites. The Vito user still has full access, and deploy scripts should run as the isolated user.

Example below: the script above can no longer see any folders outside its /home/user directory.
[screenshot not preserved]
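
An added example, not part of the original issue or the project's code: a small audit of PHP-FPM pool files that reports pools sharing a Unix user or whose open_basedir reaches outside the pool user's home, which are the two conditions the steps above are meant to remove. The pool names, users and paths in SAMPLE are constructed, and the /home/{user}/ layout is assumed from the template in the comment.

```python
import posixpath
from collections import defaultdict

# Constructed sample: "site1" follows the per-user template from the issue;
# "blog" and "shop" both run as vito, the shared-user setup being reported.
SAMPLE = """\
[site1]
user = site1
php_admin_value[open_basedir] = /home/site1/:/tmp/
[blog]
user = vito
php_admin_value[open_basedir] = /home/
[shop]
user = vito
"""

def parse_pools(text):
    """Parse PHP-FPM pool config text into {pool: {key: value}}."""
    pools, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = pools.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return pools

def audit(pools):
    """Return findings for pools that can reach another site's files."""
    findings, owners = [], defaultdict(list)
    for name, cfg in pools.items():
        owners[cfg.get("user")].append(name)
        allowed = (f"/home/{cfg.get('user')}/", "/tmp/")  # /tmp/ as in the template
        basedir = cfg.get("php_admin_value[open_basedir]")
        if basedir is None:
            findings.append(f"{name}: open_basedir not set")
            continue
        for path in filter(None, basedir.split(":")):
            norm = posixpath.normpath(path) + "/"       # collapses ../ segments
            if not norm.startswith(allowed):
                findings.append(f"{name}: open_basedir reaches {path}")
    for user, names in owners.items():
        if len(names) > 1:
            findings.append(f"user {user} shared by {', '.join(names)}")
    return findings

print("\n".join(audit(parse_pools(SAMPLE))))
```

To check a real server, pass the concatenated contents of the files in /etc/php/{version}/fpm/pool.d/ to parse_pools instead of SAMPLE.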

RichardAnderson (Author) commented

Started the PR, but more work is required. #431
