virtualmin / virtualmin-gpl

Virtualmin web hosting control panel for Webmin
https://www.virtualmin.com
GNU General Public License v3.0

Manage PHP Configuration - Add disable_functions to GUI #753

Open shoulders opened 7 months ago

shoulders commented 7 months ago
SYSTEM INFORMATION
OS type and version: Ubuntu Linux 22.04.3
Webmin version: 2.105
Usermin version: 2.005
Virtualmin version: 7.9.0
Theme version: 21.09.5
Package updates: All installed packages are up to date

The Issue

This value is edited often and does not have anything in the GUI. I know you can edit the configuration manually.

Solution

Add an ability in the GUI to edit this option with the following consideration.

I will be adding a feature request to allow end users to be able to alter 'Resource Limits' but not be able to alter other sensitive PHP options, such as getting access to 'Edit Configuration Manually'.

So perhaps it should have its own icon and then this can be controlled by permissions.


I know in cPanel you can disable functions, but clients cannot re-enable some of them using the php.ini.

Example of why

I want to disable mail() server wide (via server template), and not allow clients to turn it back on, but allow them to increase their upload value from 2M to 8M and so on.


jcameron commented 7 months ago

Is this really a strong feature to disable what users can do in PHP though? For example, even if they can't call mail() they could still shell out to the sendmail command or make an SMTP connection to localhost to send email.

chris001 commented 7 months ago

> Is this really a strong feature to disable what users can do in PHP though? For example, even if they can't call mail() they could still shell out to the sendmail command or make an SMTP connection to localhost to send email.

https://support.cpanel.net/hc/en-us/articles/360051980414-How-to-modify-disable-functions-in-WHM-when-using-PHP-FPM

Some functions in PHP are considered "potentially dangerous functions", e.g. shell_exec, exec, passthru, mail, and anything that lets ordinary users elevate privileges (e.g. run a binary with the setuid/setgid bit, or read or write data they should not be allowed to); in other words, functions that provide sysadmin privileges, which popular remote shell apps use to exploit the server to perform DoS attacks against internet targets, send bulk junk email, and attack other user accounts on the system. To prevent this, you need to enforce isolation between user accounts so they can't discover the names of other accounts on the system (e.g. with cPanel, CloudLinux OS, which isolates users from discovering other account names on the server (docker containerization)), limit excessive self-allocation of CPU or RAM resources (cgroups), and limit any "bad neighbor" behavior on the system.
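
Added example (not part of the thread, and not Virtualmin or cPanel code): a small audit for the point raised above that disabling mail() alone leaves other ways to send mail, listing which watched functions a given `disable_functions` setting still leaves callable. The helper names, the sample configuration and the watched functions beyond mail, exec, shell_exec and passthru are assumptions for illustration; it relies on PHP-FPM's documented behaviour of appending a pool's `disable_functions` to the php.ini list.

```python
import re

# mail plus the command-execution functions named in this thread. system,
# popen and proc_open are added here as an assumption: they are other
# standard PHP functions that start a process.
WATCHED = {"mail", "exec", "shell_exec", "passthru",
           "system", "popen", "proc_open"}

INI_RE = re.compile(r"^\s*disable_functions\s*=(.*)$")
POOL_RE = re.compile(r"^\s*php_admin_value\[disable_functions\]\s*=(.*)$")


def _names(value):
    """Split a disable_functions value into lower-case function names."""
    value = value.split(";")[0].strip().strip("\"'")  # drop inline comment, quotes
    return {n.strip().lower() for n in value.split(",") if n.strip()}


def effective_disabled(php_ini_text, pool_text=""):
    """Return the functions disabled by php.ini plus an FPM pool file."""
    disabled = set()
    for line in php_ini_text.splitlines():
        m = INI_RE.match(line)
        if m:
            disabled = _names(m.group(1))   # a later php.ini line replaces earlier
    for line in pool_text.splitlines():
        m = POOL_RE.match(line)
        if m:
            disabled |= _names(m.group(1))  # FPM appends to the php.ini list
    return disabled


def still_callable(php_ini_text, pool_text=""):
    """List watched functions that the configuration leaves enabled."""
    return sorted(WATCHED - effective_disabled(php_ini_text, pool_text))


# Constructed sample input: the request in this issue (mail() off, larger uploads).
SAMPLE_INI = """\
; constructed sample php.ini
upload_max_filesize = 8M
disable_functions = mail
"""
SAMPLE_POOL = "php_admin_value[disable_functions] = exec,passthru\n"

if __name__ == "__main__":
    print("php.ini only:   ", still_callable(SAMPLE_INI))
    print("php.ini + pool: ", still_callable(SAMPLE_INI, SAMPLE_POOL))
```

An empty list only means these function calls are blocked; it does not cover the SMTP connection to localhost mentioned in the thread.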