Dukecitysolutions / sentora-php7-upgrade

Sentora v1.0.3 PHP 7.x Upgrade
GNU General Public License v3.0

solve snuffleupagus #5

Closed andykimpe closed 4 years ago

andykimpe commented 4 years ago

solve snuffleupagus access and not disabled

Dukecitysolutions commented 4 years ago

Hi @andykimpe, Please standby, I'm so tired. Please standby for a response. I had a rough day. I will reply tomorrow with full support. There are MANY ISSUES with your [PULL-REQUEST].

THANK YOU FOR YOUR SUPPORT @andykimpe,!!!!! YOU ROCK!!!!

andykimpe commented 4 years ago

I'm not in a hurry, however, you forget the module cron, it's still suhosin inside

    $restrictinfos = ctrl_options::GetSystemOption('php_exer') . " -d suhosin.executor.func.blacklist=\"passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec\" -d open_basedir=\"" . ctrl_options::GetSystemOption('hosted_dir') . $currentuser['username'] . "/" . ctrl_options::GetSystemOption('openbase_seperator') . ctrl_options::GetSystemOption('openbase_temp') . "\" ";

I made a hit

    // Keep the suhosin function blacklist when the suhosin extension is loaded.
    if (extension_loaded('suhosin') == true) {
        $restrictinfos = ctrl_options::GetSystemOption('php_exer') . " -d suhosin.executor.func.blacklist=\"passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec\" -d open_basedir=\"" . ctrl_options::GetSystemOption('hosted_dir') . $currentuser['username'] . "/" . ctrl_options::GetSystemOption('openbase_seperator') . ctrl_options::GetSystemOption('openbase_temp') . "\" ";
    } else {
        // Otherwise pass the Snuffleupagus rules file to the PHP CLI.
        $vh_snuff_path = "/etc/sentora/configs/php/sp/";
        $vh_vhostuser = $currentuser['username'];
        $restrictinfos = ctrl_options::GetSystemOption('php_exer') . " -d sp.configuration_file=/etc/sentora/configs/php/sp/snuffleupagus.rules -d open_basedir=\"" . ctrl_options::GetSystemOption('hosted_dir') . $currentuser['username'] . "/" . ctrl_options::GetSystemOption('openbase_seperator') . ctrl_options::GetSystemOption('openbase_temp') . "\" ";
    }

Dukecitysolutions commented 4 years ago

Suhosin is supposed to be in there. Suhosin-NG is coming soon. It is built for both and backwards compatibility. Thank you for trying, but with this pull request you disabled all PHP disable_function security. Not sure if you don’t understand snuff code or are just not familiar with Sentora function security. This pull request is DENIED. Next time, if you have a question, please ask first before you go in and chop up code. Thank you for your attempt.

Dukecitysolutions commented 4 years ago

Please remember this is BETA code. There is still a lot of work. It is nowhere near complete. The Cron module is being worked on. Thank you for submitting Cron code. That I can use.
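
As an added example (not part of the thread and not Sentora's code): a PHP check that reports which functions from the suhosin blacklist quoted above have no unconditional `drop()` rule in a Snuffleupagus rules file, the kind of coverage question the maintainer's reply raises. The sample rules are constructed, `uncoveredFunctions` is a hypothetical helper, and the parser assumes one literal `function("name")` rule per line.

```php
<?php
// Added example, not Sentora code. The list is the suhosin blacklist quoted in this thread.
const SUHOSIN_BLACKLIST = 'passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, '
    . 'proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, '
    . 'apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, '
    . 'posix_setuid, escapeshellcmd, escapeshellarg, exec';

/**
 * Return the blacklist entries that have no unconditional drop rule in $rules.
 * Simplification (assumption): only single-line sp.disable_function.function("name").drop()
 * rules count as coverage. Rules in simulation mode, rules carrying extra filters
 * (param, value, filename, ...) and function_r() patterns are treated as not covering.
 */
function uncoveredFunctions(string $rules, string $blacklist): array
{
    $blocked = [];
    foreach (preg_split('/\R/', $rules) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue; // blank line or comment
        }
        // Accept only: sp.disable_function.function("name").drop();
        if (preg_match('/^sp\.disable_function\.function\("([A-Za-z0-9_]+)"\)\.drop\(\);?$/', $line, $m)) {
            $blocked[strtolower($m[1])] = true;
        }
    }
    $wanted = array_map('trim', explode(',', $blacklist));
    return array_values(array_filter($wanted, function ($f) use ($blocked) {
        return !isset($blocked[strtolower($f)]);
    }));
}

// Constructed sample rules, not the project's snuffleupagus.rules.
$sampleRules = <<<'RULES'
# constructed sample
sp.disable_function.function("system").drop();
sp.disable_function.function("exec").drop();
sp.disable_function.function("shell_exec").simulation().drop();
sp.disable_function.function("passthru").param("command").value_r("[;&|]").drop();
RULES;

$missing = uncoveredFunctions($sampleRules, SUHOSIN_BLACKLIST);
printf("%d of %d blacklisted functions have no unconditional drop rule:\n%s\n",
    count($missing), count(explode(',', SUHOSIN_BLACKLIST)), implode(', ', $missing));
```

To check a real deployment, pass the contents of the rules file named in `sp.configuration_file` instead of `$sampleRules`.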