Wednesday, April 10, 2013

Setting up a setuid PHP binary

I'm not going to go into it too much, but i assure you i had a very good reason for doing this.

The problem: I needed to run PHP on the command line as root when invoked by a non privileged user. The simple solution is to make a copy of the php binary and them chmod +s it and chown it to root. For most apps, this will just cause it to run as root and everything will be solved. This part is still necessary:

# cd /path/to/my/project
# cp `which php` .
# chown root:root php
# chmod +s php

Unfortunately, when running this, you will find that PHP does not actually think it's running as root, and subsequently you can't run things like shutdown which require root privileges.  You can see this by running a script like this:




test.php:
<?php
    echo shell_exec('id');
?>
Command:
# sudo -u www ./php test.php
uid=80(www) gid=80(www) groups=80(www)
Well that didn't work, and the PHP docs and google didn't seem to have anything about PHP dropping privileges. A little more googling and i saw that PHP does have a setuid function, so i decided to give that a try. The function is called posix_setuid() and is allegedly included by default. Well guess what, on my PHP installation it shows the configure string as including --enable-posix=shared which for whatever reason means "i don't want to use this."

So i recompiled PHP with just --enable-posix and the function was now available. At this point, i began getting the desired results when calling the script: test.php:
<?php
posix_setuid(0);
echo shell_exec(`id`);
?>
Command:
# sudo -u www ./php test.php
uid=0(root) gid=80(www) groups=0(root),80(www)

No comments:

Post a Comment