[SUCS Devel] [Git][sucssite/sucs-site][sucs-site] 3 commits: stop .forward file being a symlink

Imran Hussain imranh at sucs.org
Mon Apr 3 12:59:19 BST 2017


On 03.04.2017 12:52, Andrew Price wrote:
>> Could just read the file and do input validation? .forward is supposed
>> to contain an email address, so why not just read and then use php email
>> validation stuff to check. OR have code in the sucssite that reads the
>> first line of a file and looks for a string and if that's there then
>> don't read the rest of the file? So in cases of the original exploit
>> have "//pls don't display on the sucs site" as the first line and get
>> the site's code to check for that?
>
> You'd still be able to read someone else's .forward in that case?

That's not the problem. The problem is reading files such as 
/var/www/sucssite/suapi.inc.php that only apache should be able to read.

> One way to do it would be to do something like (pseudocode):
>
>   fd = open("/home/foo/.forward");
>   readlink("/proc/self/fd/" . $fd, &link);
>   if (link == "/home/foo/.forward") {
>         // read it
>   }
>   close(fd);

Hmmmmm

-- 
Imran Hussain
https://sucs.org
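
The open-then-readlink check sketched in the quoted pseudocode, as an added Python example (not part of the original message and not the SUCS site's PHP code). It assumes Linux with /proc mounted and a canonical home path; `read_forward`, `demo` and the fixture users are hypothetical names.

```python
import os
import stat
import tempfile


def read_forward(home, max_bytes=4096):
    """Return <home>/.forward as text, or None unless it is a plain file at that path.

    Assumption: Linux with /proc mounted, and `home` is already a canonical path.
    """
    expected = os.path.join(home, ".forward")
    try:
        # O_NOFOLLOW rejects a symlink as the final component; O_NONBLOCK keeps
        # a FIFO planted at that name from hanging the request.
        fd = os.open(expected, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        # The check from the thread: ask the kernel which path the descriptor
        # really refers to. This also catches a symlinked parent directory.
        if os.readlink("/proc/self/fd/%d" % fd) != expected:
            return None
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            return None
        # Read from the checked descriptor, never by re-opening the path.
        return os.read(fd, max_bytes).decode("utf-8", "replace")
    finally:
        os.close(fd)


def demo():
    """Constructed fixture: honest home, symlinked .forward, symlinked home."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        secret = os.path.join(tmp, "suapi.inc.php")  # stand-in for a private file
        with open(secret, "w") as f:
            f.write("<?php // constructed secret\n")
        os.mkdir(os.path.join(tmp, "alice"))
        with open(os.path.join(tmp, "alice", ".forward"), "w") as f:
            f.write("alice@example.org\n")
        os.mkdir(os.path.join(tmp, "bob"))
        os.symlink(secret, os.path.join(tmp, "bob", ".forward"))
        os.symlink(os.path.join(tmp, "alice"), os.path.join(tmp, "carol"))
        return {u: read_forward(os.path.join(tmp, u)) for u in ("alice", "bob", "carol")}


if __name__ == "__main__":
    print(demo())
```

Because the path comparison and the read both use the same open descriptor, swapping the file after the check changes nothing about what is returned.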


