[BlueOnyx:10199] Re: 5106R/5107R/5108R YUM updates

Dirk Estenfeld dirk.estenfeld at bpanet.de
Fri Apr 20 01:58:18 -05 2012


Michael,

there seems to be a serious issue.
Every site which is using PHP shows the following error message now:


Warning: Unknown: open_basedir restriction in effect. File(/usr/sausalito/configs/php/set_php_headers.php) is not within the allowed path(s): (/tmp/:/var/lib/php/session/:/home/.sites/137/site24/) in Unknown on line 0

Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0

Warning: Unknown: open_basedir restriction in effect. File(/usr/sausalito/configs/php/set_php_headers.php) is not within the allowed path(s): (/tmp/:/var/lib/php/session/:/home/.sites/137/site24/) in Unknown on line 0

Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0

Fatal error: Unknown: Failed opening required '/usr/sausalito/configs/php/set_php_headers.php' (include_path='.:/php/includes:/home/solarspeed/php/share/pear') in Unknown on line 0


I have some really unhappy customers at the moment :(

Do you have any ideas what's up?? And how to fix this issue??

Regards,
Dirk



Kind regards from Frankfurt
Dirk Estenfeld


-----------------------------------------------
Black Point Arts Internet Solutions GmbH - Hanauer Landstrasse 423a - 60314 Frankfurt

Managing Director
Tel.: +49.69952181 31
Fax: +49.69952181 41
eMail: dirk.estenfeld at bpanet.de

Authorized representatives: Dirk Estenfeld and Mario Di Rienzo, HRB 50093 Frankfurt am Main, VAT ID de210106871


Visit us on the Internet at http://www.bpanet.de

Register domains without hassle: http://www.edns.de

Back up data simply and affordably: https://www.back2web.de

SalesLOGIX add-on solutions from BPA

Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
-----------------------------------------------

-----Original Message-----
From: blueonyx-bounces at mail.blueonyx.it [mailto:blueonyx-bounces at mail.blueonyx.it] On behalf of Christoph Schneeberger
Sent: Friday, 20 April 2012 08:31
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:10197] Re: 5106R/5107R/5108R YUM updates

Good morning Michael,

I appreciate the idea behind these updates very much. But since they were automagically deployed on some of our VPS we get problems with sites (mostly sites which had safe_mode enabled):

PHP Warning:
Unknown: SAFE MODE Restriction in effect.  The script whose uid is 504 is not allowed to access /usr/sausalito/configs/php/set_php_headers.php owned by uid 0 in Unknown on line 0


On sites with Solarspeed PHP all safe_mode related settings seem to have disappeared from the PHP Section of SiteManagement since the update.

Also all Squirrelmail on regular 5106R (with stock PHP) fail now after the update with the following errors in log:

Unknown: open_basedir restriction in effect. File(/usr/sausalito/configs/php/set_php_headers.php) is not within the allowed path(s): (/home/:/tmp/:/var/lib/php/session/:/usr/share/squirrelmail/:/etc/squirrelmail/:/var/spool/squirrelmail/:/var/lib/squirrelmail/prefs/) in Unknown on line 0
PHP Warning:  Unknown: failed to open stream: Operation not permitted in Unknown on line 0
PHP Warning:  Unknown: Failed opening '/usr/sausalito/configs/php/set_php_headers.php' for inclusion (include_path='.:/usr/share/pear:/usr/share/php') in Unknown on line 0


I am further looking into these problems but this is what I've been able to find since Nagios got me out of bed ;-P

Cheers,
Christoph


Michael Stauber wrote:
> Hi all,
>
> The following YUM updates have just been released:
>
> base-apache (5107R + 5108R):
> ==========================
>
> There appears to be some weird problem with SSL certificates on 
> BlueOnyx 5107R and 5108R. The GUI management pages for these certainly 
> have a few issues which need to be addressed. At this time the import 
> and setup of SSL certificates appears to have a "hit and miss" success 
> rate. This is still being worked on.
>
> In the meantime this update fixes another problem related with SSL
> certificates: If SSL is enabled for a Vsite, then it may happen that 
> web access to that site may redirect endlessly. To fix that one a 
> certain RewriteRule has been removed from the Apache Vhost container.  
> This update will make sure that the offending RewriteRule is commented 
> out in existing Vsites and that new Vsites will directly have it commented out.
>
> base-vsite (5106R, 5107R + 5108R):
> =============================
>
> This update to base-vsite improves the PHP security model of BlueOnyx 
> one step further.
>
> Right now we support two different PHP implementations:
>
>     - The traditional mod_php implementation of PHP.
>     - The more secure suPHP approach using CGI/FastCGI.
>
> Both have their benefits and drawbacks, but suPHP generally offers the 
> best protection.
>
> As recently discussed on the BlueOnyx mailing list it can sometimes be 
> difficult to find out which PHP scripts have sent emails. If there is 
> an old and vulnerable PHP script that has been tricked into sending 
> SPAM, then the usual tools and methods we have at hand for finding the 
> culprit leave a lot to be desired.
>
> If suPHP is enabled on all Vsites, the headers of the sent emails will 
> at least tell us the username of the offending user. But if mod_php is 
> used instead, then all you have left is going through your logfiles at 
> a painstaking pace.
>
> This updated base-vsite module will change this:
>
> If a PHP script now uses the PHP mail() function, it will not talk 
> directly to sendmail for the delivery, but will use a small round 
> about through the new executable /usr/sausalito/sbin/phpsendmail instead.
>
> This binary will log all PHP related email traffic to /var/log/maillog 
> in an easy to understand fashion, which will make it very easy to see 
> which script sent which email.
>
> Additionally emails generated and sent by PHP scripts will have a 
> "X-PHP-Originating-Script" header, which tells us the numeric user ID 
> of the owner of the sending script and the name of the sending script:
>
> X-PHP-Originating-Script: 502:mail.php
>
> This information can then be used to look up the offending script in 
> /var/log/maillog.
>
> The '502' in the above example tells us that the numeric user ID of the 
> owner of the script was '502'. After the colon we see the name (just 
> the name - not the path!) of the offending script. In this case here 'mail.php'.
>
> Now if we have such an email in front of us and would need to find out 
> which site and user the email really came from on our server, we would 
> need to take a look at /var/log/maillog like this:
>
> cat /var/log/maillog|grep uid=502|grep mail.php
>
> So we grep for the numeric user ID (502 in this case) and the name of 
> the script (mail.php) that was listed in the 
> "X-PHP-Originating-Script:" header of said email.
>
> Or if we wanted to see just the log entries of all PHP related email 
> activity, we could use this command:
>
> cat /var/log/maillog|grep sendmail-wrapper-php
>
> That will show us all PHP related email activity.
>
> Example:
>
> Apr 19 01:10:18 5108r root: sendmail-wrapper-php: site=5108r1.smd.net, client=10.1.128.1, script=/home/.sites/28/site1/web/mailtest/mailtest/mail.php, uid=502, user=xxx_admin
> Apr 19 01:35:01 5108r root: sendmail-wrapper-php: site=5108r1.smd.net, client=10.1.128.1, script=/home/.sites/28/site1/web/mailtest/mailtest/mail.php, uid=502, user=xxx_admin
>
> For more technical information about this update, please see 
> [BlueOnyx:10186] on the BlueOnyx mailing list.
>
>   

_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
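
The maillog lookup described in the quoted announcement, as an added example (not part of the original thread and not BlueOnyx code): it takes an X-PHP-Originating-Script value and matches the uid and script name exactly, so uid=5021 or webmail.php are not picked up the way a plain substring grep would. The function names php_mail_origin and sample_maillog are hypothetical, the field layout is assumed from the log sample in the announcement, and the last two sample lines are constructed.

```shell
#!/bin/sh
# Added example (not BlueOnyx code). Field names follow the log sample above.

# Constructed input: the first two lines repeat the entry quoted in the mail,
# the last two are made-up near misses (uid 5021, webmail.php).
sample_maillog() {
    cat <<'EOF'
Apr 19 01:10:18 5108r root: sendmail-wrapper-php: site=5108r1.smd.net, client=10.1.128.1, script=/home/.sites/28/site1/web/mailtest/mailtest/mail.php, uid=502, user=xxx_admin
Apr 19 01:35:01 5108r root: sendmail-wrapper-php: site=5108r1.smd.net, client=10.1.128.1, script=/home/.sites/28/site1/web/mailtest/mailtest/mail.php, uid=502, user=xxx_admin
Apr 19 02:00:00 5108r root: sendmail-wrapper-php: site=example.test, client=192.0.2.7, script=/home/.sites/30/site2/web/mail.php, uid=5021, user=other_admin
Apr 19 02:05:00 5108r root: sendmail-wrapper-php: site=5108r1.smd.net, client=192.0.2.9, script=/home/.sites/28/site1/web/webmail.php, uid=502, user=xxx_admin
EOF
}

# php_mail_origin HEADER_VALUE [LOGFILE|-]
# Prints "count site script user" for each distinct matching origin.
php_mail_origin() {
    awk -v hdr="$1" '
    BEGIN {
        tag = "sendmail-wrapper-php: "
        sep = index(hdr, ":")
        want_uid  = substr(hdr, 1, sep - 1)   # numeric owner of the script
        want_name = substr(hdr, sep + 1)      # script name without path
    }
    (pos = index($0, tag)) > 0 {
        split("", f)                          # reset fields for this line
        n = split(substr($0, pos + length(tag)), kv, /, */)
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            if (eq) f[substr(kv[i], 1, eq - 1)] = substr(kv[i], eq + 1)
        }
        base = f["script"]
        sub(/.*\//, "", base)                 # basename, as in the header
        # Exact string comparison on both fields, no substring or regex match.
        if (f["uid"] == want_uid && base == want_name) {
            key = f["site"] " " f["script"] " " f["user"]
            if (!(key in hits)) order[++m] = key
            hits[key]++
        }
    }
    END { for (i = 1; i <= m; i++) print hits[order[i]], order[i] }
    ' "${2:-/var/log/maillog}"
}

sample_maillog | php_mail_origin "502:mail.php" -
```

On a live server the second argument can be omitted to read /var/log/maillog; script paths containing ", " would need a stricter parser than this field split.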



