[pmwiki-devel] Directory structure revisited

thp at sigproc.de thp at sigproc.de
Thu Nov 9 03:37:24 CST 2006


Hello,

>[...]
>
>In short, if you describe the directory structure you want to have,
>we can probably come up with the local configuration settings to
>make it happen.  :-)
>
>Pm
>

Here is the directory structure that I had in mind (still incomplete, see below):

.../myhome/
   docRoot/                       (served by webserver to extern, non-writable)
      myPmWiki/
         pmwiki.php
         scripts/
         pub/                     ?                     
         etc.
   scriptAccessibleFileSpace/     (accessible for scripts on file access)
      myPmWiki/
         upload/
         wiki.d/
         pub/                     ?                     

I.e., the files of the PmWiki in question (here "myPmWiki") are DIVIDED into
those that are to be accessed by scripts (usually data) and those that are
allowed to be executed. (The docRoot directory could and should be further
split using the symlink idea, to separate scripts that may directly be
executed from the ones that may not.(*))

The main improvement would be the following: while the symlink idea is good
for preventing helper scripts from being executed directly, it does not
prevent, say, pmwiki.php from being overwritten with some malicious version
by some hijacked (i.e. misused by providing bad arguments in forms etc.)
pmwiki script. In my above sketched directory layout however, one would set 

DocumentRoot                 .../myhome/docRoot/
php_admin_value open_basedir .../myhome/scriptAccessibleFileSpace/

which would render replacing good code by bad code impossible. Writing in
places that the webserver might execute is just not allowed, and vice versa.

Executing arbitrary code would thus be prevented, even if there had been a
security hole in the site scripts. (This was my main motivation.)

The drawback is that files belonging actually to one web app have to be
divided into two/three parts.

Thomas 

NB:  The above dir structure is still flawed at one point, namely the dir
"pub". This directory should be served to extern by the webserver, yet it
has to be writable, for example to deliver images created on the fly. So what I
actually need is a separation between space that is allowed to be
webserver-EXECUTED, and space that is script-WRITABLE. Seems to call for
safe_mode_exec_dir.

---
(*) Elaborating this, we have:

.../myhome/
   NewDocRoot/                    (served by webserver, non-writable)
      myPmWiki/
         pmwiki.php -> ../../nonWritableSpace/myPmWiki/pmwiki.php
         pub -> ../../nonWritableSpace/myPmWiki/pub
   nonWritableSpace/              (not served by webserver, non-writable)
      myPmWiki/
         pmwiki.php
         scripts/
         pub/
         etc.

---
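
An added example (not part of the message above and not PmWiki code): a POSIX shell audit of the separation the post is after, that nothing reachable through the DocumentRoot is writable by the user the scripts run as, and that the served tree and the open_basedir data tree do not nest. The function names and the permission-bit heuristic (owner write bit for that user, or any group/world write bit) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Physical (symlink-resolved) path of a directory.
resolve_dir() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

# Succeed only if neither tree contains the other.
spaces_disjoint() {
    doc=$(resolve_dir "$1") || return 2
    data=$(resolve_dir "$2") || return 2
    case "$data/" in "$doc"/*) return 1 ;; esac
    case "$doc/" in "$data"/*) return 1 ;; esac
    return 0
}

# Everything reachable through the document root (symlinks followed, as the
# web server would) that the script user could modify: owned by that user
# with the owner write bit, or group- or world-writable (conservative).
served_and_writable() {
    find -L "$1" \( -type f -o -type d \) \
        \( \( -user "$2" -perm -200 \) -o -perm -020 -o -perm -002 \) \
        -print | sort
}

# audit_layout DOCROOT DATADIR SCRIPTUSER; prints findings, returns 1 if any.
audit_layout() {
    rc=0
    if ! spaces_disjoint "$1" "$2"; then
        echo "OVERLAP (or unreadable directory): $1 and $2"
        rc=1
    fi
    hits=$(served_and_writable "$1" "$3")
    if [ -n "$hits" ]; then
        echo "$hits" | sed 's/^/SERVED+WRITABLE: /'
        rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh audit.sh DOCROOT DATADIR SCRIPTUSER
if [ "$#" -eq 3 ]; then
    audit_layout "$1" "$2" "$3"
fi
```

Run against the first layout with a writable pub/ under docRoot, it reports exactly that directory, which is the flaw described in the NB.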





