Installed as CGI binary

PHP Manual
Prev		Next

Chapter 24. Installed as CGI binary

Table of Contents
Possible attacks
Case 1: only public files served
Case 2: using --enable-force-cgi-redirect
Case 3: setting doc_root or user_dir
Case 4: PHP parser outside of web tree

Possible attacks

Using PHP as a CGI binary is an option for setups that for some reason do not wish to integrate PHP as a module into server software (like Apache), or will use PHP with different kinds of CGI wrappers to create safe chroot and setuid environments for scripts. This setup usually involves installing executable PHP binary to the web server cgi-bin directory. CERT advisory CA-96.11 recommends against placing any interpreters into cgi-bin. Even if the PHP binary can be used as a standalone interpreter, PHP is designed to prevent the attacks this setup makes possible:

Accessing system files: http://my.host/cgi-bin/php?/etc/passwd
The query information in a URL after the question mark (?) is passed as command line arguments to the interpreter by the CGI interface. Usually interpreters open and execute the file specified as the first argument on the command line.
When invoked as a CGI binary, PHP refuses to interpret the command line arguments.
Accessing any web document on server: http://my.host/cgi-bin/php/secret/doc.html
The path information part of the URL after the PHP binary name, /secret/doc.html is conventionally used to specify the name of the file to be opened and interpreted by the CGI program. Usually some web server configuration directives (Apache: Action) are used to redirect requests to documents like http://my.host/secret/script.php to the PHP interpreter. With this setup, the web server first checks the access permissions to the directory /secret, and after that creates the redirected request http://my.host/cgi-bin/php/secret/script.php. Unfortunately, if the request is originally given in this form, no access checks are made by web server for file /secret/script.php, but only for the /cgi-bin/php file. This way any user able to access /cgi-bin/php is able to access any protected document on the web server.
In PHP, compile-time configuration option --enable-force-cgi-redirect and runtime configuration directives doc_root and user_dir can be used to prevent this attack, if the server document tree has any directories with access restrictions. See below for full the explanation of the different combinations.

Prev	Home	Next
General considerations	Up	Case 1: only public files served

	Links
HostGator $9.95/mo 100GB Diskspace 1000GB Bandwidth Host Unlimited Domains CPanel PHP CGI SSH SSI Instant Backups 99.9% Uptime Guarantee 30 Day Money Back AN Hosting $6.95/mo 250GB Diskspace 2500GB Bandwidth Host 20 Domains PHP RoR Python CGI SSI Unlimited MySQL DB Free Domain for Life 30 Day Money Back 99% Uptime Guarantee Dot5 Hosting $4.95/mo 200GB Diskspace 2000GB Bandwidth Host 5 Domains CGI Ruby Perl PHP MySQL Free Domain Forever

	Partners
AllReseller.com ApolloHosting.com HostForWeb.com Lunarpages.com ServerDispatch.com SingleHop Dedicated Servers XLHost.com Dedicated Hosting ByetHost.com Free Web Hosting Resources Free Computer Recycling ID Printer Professional search engine optimization Best UK Web Hosting Cheap Web Hosting Web Hosting Reviews Windows Dedicated Server VPS Hosting Cloud Server Hosting

	Quick Search
Platform Price Diskspace Bandwidth Advance Search Show All Companies

	Hosting Companies
eHostDirect ItsJustHosting Lunarpages Emnetsolutions Ltd Eskhosting Ya Host Host-ed Inc. Remly Communications O2Link Web Hosting SpunWeb

	Reference & Manual
CSS 2.1 Hosting Glossary HTML 4.01 MySQL Manual PHP Manual


	Host Login/Register \| Contact Us \| Terms \| Add Links Thumbnails by Thumbshots.org © 2002-2012 CheapHostDir.com


Home Share Hosting News Articles Reference & Manual Discount Zone Resources