@Daniel
I just found your wiki page for openupload.
Would have been nice if someone in this thread did this
http://wiki.contribs.org/OpenUpload
So I gave it a shot.
It's expected not to be able to change the config file from the web interface, because it's managed by templates.
Although it's not a bad idea to template the config, nevertheless a template won't
stop/prevent a web compromise, the config can still be accessed and changed.
Second issue
Also running apps in locations other than /opt (sme standard) make for difficult admin as well as
opening additional avenues of compromise.
Running a web app in a tree with server side system libs isn't exactly a grand idea.
Well I'm sure the hackers will think it's just dandy.
Rule of thumb
All externally available apps should reside in one place on the file system, aka /opt.
Thus if there ever is a compromise, they can play with all the externally available apps in one place.
Thus the open base restrictions aren't scattered all over the file system, to everyone's whim.
i.e. Like in server side lib/share trees. lol
Third issue
There is no need for
php_admin_value session.save_path /var/lib/openupload/tmp
The default SME session.save_path is
/tmp, which btw is incorrect, should be set to the php default /var/lib/php/session
due in part to that tree maintains the correct rights needed for session data files.
session.save_path=/tmp
is a php vulnerability and highly not recommended. For one, the rights on /tmp are ridiculous.
For two, php is the session handler, so why not let it handle the sessions for you by default, one less thing to worry about.
For three, don't need session data scattered all around the file system, do we now, I'm sure some will want it in /
To check your system
grep 'session.save_path' /etc/php.ini
To fix your system 'session.save_path' copy & paste this into
fix_php_session.sh -- set rights/perms to 744 & run it.
#!/bin/bash
template_fname='80ModuleSettings16Session'
template_path='/etc/e-smith/templates-custom/etc/php.ini'
#=======================================================
intro_install ()
#=======================================================
{
    # Banner text (defined here, not called by the main program below)
    cat << EOF
=============== Install Information ===================
This script created by buckwheat.
fix_php_session.sh ver-1.00.1 -- 10/11/2011
=============== Installation Started ==================
EOF
}
#=======================================================
create_cust_template()
#=======================================================
{
    # The templates-custom tree may not exist yet; create it first
    mkdir -p "$template_path"
    # Write the [Session] fragment that replaces the stock template
    cat > "$template_path/$template_fname" <<EOF
[Session]
session.save_handler = files
session.save_path = /var/lib/php/session
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1
EOF
}
#=======================================================
template_expand()
#=======================================================
{
    # Regenerate /etc/php.ini from the templates
    expand-template /etc/php.ini
}
#=======================================================
httpd_restart()
#=======================================================
{
    #sv h /service/httpd-e-smith
    service httpd-e-smith restart
}
#=======================================================
display_current()
#=======================================================
{
    # Show the live setting next to the one in the custom template
    current=$(grep 'session.save_path' /etc/php.ini)
    custom=$(grep 'session.save_path' "$template_path/$template_fname")
    cat << EOF
===== Custom Template File $template_fname exists...
The current 'session.save_path' in /etc/php.ini is...
Current = $current
New = $custom
Note: No system changes were made...
EOF
}
#=======================================================
end_prgm()
#=======================================================
{
    cat <<EOF
-------------------------------------------------------------------------------
fix_php_session.sh -- complete. $(date)
-------------------------------------------------------------------------------
EOF
}
#*****************#
# Main Program #
#*****************#
clear
# Create the SME Custom Template $template_fname
if [ ! -f "$template_path/$template_fname" ]; then
    echo -e "\n===== Create SME Custom Template $template_fname"
    create_cust_template
    echo -e "\n===== expand-template $template_fname\n"
    template_expand
    echo -e "\n===== Restarting the httpd service\n"
    httpd_restart
else
    display_current
fi
end_prgm
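
Added example, not part of the original post: the grep check above shows which path is configured but not the rights on it, so this sketch reads the active session.save_path from a php.ini and reports whether "other" users have any access to that directory. The function names and the sample php.ini files are constructed for illustration; point it at /etc/php.ini by passing the file as the first argument.

```bash
#!/bin/sh
# Added example (hypothetical helper names; not from the original post).

# Print the effective session.save_path from the php.ini given as $1:
# commented-out lines are skipped, the last assignment wins, and
# surrounding quotes plus an optional "N;MODE;" prefix are stripped.
ini_session_path() {
    sed -n 's/^[[:space:]]*session\.save_path[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/; s/^.*;//'
}

# Print "OK <dir> <perms>", "WEAK <dir> <perms>", "MISSING <dir>" or "UNSET".
audit_session_path() {
    dir=$(ini_session_path "$1")
    [ -n "$dir" ] || { echo "UNSET"; return 0; }
    [ -d "$dir" ] || { echo "MISSING $dir"; return 0; }
    perms=$(ls -ld -- "$dir" | cut -c1-10)
    case $(printf '%s' "$perms" | cut -c8-10) in
        ---|--T) echo "OK $dir $perms" ;;    # "other" has no access
        *)       echo "WEAK $dir $perms" ;;  # e.g. drwxrwxrwt, as on /tmp
    esac
}

# Constructed sample: one php.ini pointing at a /tmp-like 1777 directory,
# one pointing at a 770 directory like /var/lib/php/session.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/tmp" "$d/session"
    chmod 1777 "$d/tmp"
    chmod 770 "$d/session"
    printf ';session.save_path = "/ignored"\nsession.save_path = %s\n' \
        "$d/tmp" > "$d/before.ini"
    printf 'session.save_path = "%s"\n' "$d/session" > "$d/after.ini"
    audit_session_path "$d/before.ini"
    audit_session_path "$d/after.ini"
    rm -rf "$d"
}

if [ "$#" -gt 0 ]; then audit_session_path "$1"; else demo; fi
```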