
Shellsnet:SN Admin TracingNobody

From ClueWiki


Important Note: This is a backed up copy of what existed on Shellsnet's old wiki.

This article is a part of the ShellsNet Old Wiki Backup index

Do not modify this page!




Problem

  • On systems that allow the sending of mail via Apache, the sender of the mail is not logged anywhere, so anyone with shell access (and anyone with remote access, if allow_url_fopen is On) can abuse the system to send spam without being logged or traced.
  • Further, since suphp modifies the EUID, not the UID, of scripts which it runs, this problem is *not* solved by installing suphp.

Solution

  • Solution 1 : [A simple script that logs the user who sends mail through apache] (credit for link: Cobi)
  • Solution 2 : Run php as cgi - and use "suexec" (which DOES change the UID, not just the EUID) [howto]
  • Solution 3 : Run suphp - AND modify suphp's source code before compiling so it sets the UID rather than the EUID.
  • Solution 4 : Modify your MTA so that it checks the EUID rather than the UID of those who are sending mail.

Here is how phrac modifies his sendmail:


mini_sendmail is a small program that reads a message from stdin and then connects to the local SMTP server and hands the message off to it. If you are running Apache chroot, you are probably already using mini_sendmail, or something very similar. mini_sendmail does *not* replace your real SMTP server. It was designed to be run in chroot jails, so a quick hack on the code can let us send mail with the euid rather than the UID. Again, this is just another "layer" between php and your mail server.

I have found what I think is the simplest solution to this problem.

First grab mini_sendmail from http://www.acme.com/software/mini_sendmail/.

I modified mini_sendmail to grab the euid rather than the uid.  Very simple.  Apply this patch:

--- mini_sendmail.c     Wed Jun 29 12:37:15 2005
+++ mini_sendmail.mine  Sun Feb 26 23:05:37 2006
@@ -145,11 +145,10 @@
       ++argn;
       }
-    username = getlogin();
    if ( username == (char*) 0 )
       {
#ifdef DO_GETPWUID
-       struct passwd* pw = getpwuid( getuid() );
+       struct passwd* pw = getpwuid( geteuid() );
       if ( pw == (struct passwd*) 0 )
           {
           (void) fprintf( stderr, "%s: can't determine username\n", argv0 );
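
Review bot: with the line username = getlogin(); removed, the test if ( username == (char*) 0 ) that follows only reaches the lookup if username is already a null pointer at this point, and that initialisation is outside the lines shown; confirm it, or assign the null pointer explicitly here. The geteuid() call also sits inside #ifdef DO_GETPWUID, so a build without that define never compiles the changed line; the build step should state that DO_GETPWUID must be set, otherwise the binary will not attribute mail to the effective user.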

You only have to change two lines of code to make it work.

Compile and install mini_sendmail.  I just put mine in /bin.

Edit your php.ini file:

change
sendmail_path =

to

sendmail_path = /bin/mini_sendmail -t -i


That's it!  Mail is now sent as the user that owns the script (assuming you are using suPHP).

Good luck fellas!
-phrac

Other suggestions welcome!
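
For Solution 1 above, a logging wrapper placed in front of the real MTA binary could look like the following. This is an added example, not the script linked from this page and not phrac's code. The wrapper name sendmail-log, the path /usr/sbin/sendmail and the syslog tag php-mail are assumptions; sendmail_path in php.ini would point at the installed wrapper.

```shell
#!/bin/sh
# Added example: logging wrapper to use as PHP's sendmail_path.
# REAL_SENDMAIL and LOG_TAG are assumptions; adjust them for your system.
REAL_SENDMAIL=${REAL_SENDMAIL:-/usr/sbin/sendmail}
LOG_TAG=php-mail

# Replace non-printable bytes and double quotes so that a crafted directory
# name or argument cannot inject extra lines or fields into the log.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' '?' | tr '"' '?'
}

# Build one log line. suPHP changes the effective UID only, so both the
# real and the effective user are recorded.
# usage: log_line REAL_USER EFF_USER CWD ARGS
log_line() {
    printf 'ruser=%s euser=%s cwd="%s" args="%s"' \
        "$(sanitize "$1")" "$(sanitize "$2")" \
        "$(sanitize "$3")" "$(sanitize "$4")"
}

main() {
    line=$(log_line "$(id -run)" "$(id -un)" "$PWD" "$*")
    # logger(1) writes to syslog; mail.info keeps the entry with the MTA logs.
    logger -t "$LOG_TAG" -p mail.info "$line" || true
    # Hand the message on stdin to the real MTA, arguments unchanged.
    exec "$REAL_SENDMAIL" "$@"
}

# Run only when installed under the wrapper name (hypothetical: sendmail-log),
# so the functions can be sourced and tested without sending mail.
case "${0##*/}" in
    sendmail-log) main "$@" ;;
esac
```

The working directory is logged because PHP normally runs the script from its own directory, which identifies the account even when both user fields show the web server's user.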
